Create Precryption Template for UCT-V

GigaVUE-FM allows you to filter packets during Precryption in the Data Acquisition at the UCT-V level. This filtering is based on L3/L4 5 tuple information (5-tuple filtering) and the applications running on the workload virtual machines.

Rules and Notes:

  • If you wish to use Selective Precryption, your GigaVUE-FM and the fabric components version must be 6.8.00 or above.
  • When a single UCT-V is associated with two different Monitoring Sessions with contrasting pass and drop rules, then instead of prioritizing a single rule, GigaVUE-FM will pass all the traffic.
  • Once the templates are associated with a Monitoring Session, any changes made in the template will not be reflected in the Monitoring Session.

Refer to the section the following sections for more detailed information:

Create Precryption Template for Filtering based on Applications

The application filter allows you to select the applications for which the Precryption should be applied in the Monitoring Session Options page.

  1. Go to Traffic > Resources > Precryption. The Precryption Policies page appears.
  2. Click the APPLICATION tab.
  3. Click Add. The New Precryption Template page appears.
  4. Select csv as the Type, if you wish to add applications using a .csv file.
    1. You can download the sample .csv file and edit it.
    2. Save your .csv file.
    3. Click Choose File and upload the file.
  5. Select Manual as the Type, if you wish to add the applications manually. Enter the Application Name and click + icon to add more applications.
  6. Click Save.

The added applications are displayed in the APPLICATION tab.

You can delete a selected application or you can delete all the application using the Actions button.

Create Precryption Template for Filtering based on L3-L4 details

  1. Go to Traffic > Resources > Precryption. The Precryption Policies page appears.
  2. Click the L3-L4 tab.
  3. Click Add.
  4. In the Template field, enter the name of the precryption template.
  5. From the Priority drop-down list, select the value of the priority based on which the rules must be prioritized for filtering. Select the value as 1 to pass or drop a rule in top priority. Similarly, you can select the value as 2, 3, 4 upto 8, where 8 can be used for setting a rule with the least priority. Drop rules are added based on the priority and, then pass rules are added.
  6. In the Rule Name field, enter the name of the rule.
  7. From the Traffic Action drop-down list, select how the traffic should be handled.
    • Pass — Passes the traffic.
    • Drop — Drops the traffic.

      Note:  In the absence of a Precryption rule, traffic is implicitly allowed. However, once rules are defined, they include an implicit pass all rule. Should the traffic not conform to any of the specified rules, it will be passed.

  8. From the Direction drop-down list, select the direction of traffic.
    • Bi-Directional —- Allows the traffic in both directions of the flow. A single Bi-direction rule should consist of 1 Ingress and 1 Egress rule.
    • Ingress — Filters the traffic that flows in.
    • Egress — Filters the traffic that flows out.
  9. From the L3/L4 Layer drop-down list, select L3 or L4.

    Note:  L4 Filter Type can only be used with L3.

  10. From the Condition drop-down list, select the type of condition.
  11. From the Condition Relation drop-down list, select any of the following:
    • Equal to
    • Not equal to
  12. In the Value field, select or enter based on the selected Condition.

    Note:  When using Protocol as the Filter Name, select TCP from the drop-down menu.

  13. Click Save.

Note:  Click + to add more rules or filters. Click - to remove a rule or a filter.

The template is successfully created. To enable Precryption, refer to Configure Monitoring Session Options (OpenStack) section.

You can delete a selected template or you can delete all the templates using the Actions button.

You can also edit a selected template using Actions > Edit.