Parameters to enable only for monitoring, blocking and quarantine:
Firewall installed=1 (can be changed in the GUI from External S-TAP control)
But monitoring, blocking and quarantine will only work when the related policy is installed on the collector, and how it works will be decided by the policy as well.
Parameters to enable redaction:
No parameter on External S-TAP; it works when a redaction policy is installed on the collector.
------------------------------
JENNIFER Peng
------------------------------
Original Message:
Sent: Tue November 10, 2020 11:34 PM
From: PHANENDRA RAO CHAVANA
Subject: S-TAP parameters in External S-TAP deployment
Hi,
May I know which of the parameters below to enable only for monitoring, blocking, redaction and quarantine for External S-TAP?
Do we need to enable any of the below parameters to monitor traffic, or does traffic monitoring work without enabling any parameters?
Firewall installed
Firewall timeout
Firewall default state
Firewall fail close
Firewall force watch/Firewall force unwatch
Thanks,
Panendar Rao.C
------------------------------
PHANENDRA RAO CHAVANA
Original Message:
Sent: Thu November 05, 2020 10:21 AM
From: JENNIFER Peng
Subject: S-TAP parameters in External S-TAP deployment
But my doubt is without installing any S-TAP parameters in External S-TAP deployment, does it support all features by default or do we need to install some parameters and if it is how to do it?
blocking -- off by default; turn blocking on/off after install through the External S-TAP configuration GUI firewall TAP and params as follows:
Firewall installed
Firewall timeout
Firewall default state
Firewall fail close
Firewall force watch/Firewall force unwatch
redaction and quarantine -- no on/off switch; works when the equivalent policy is installed on the collector
------------------------------
JENNIFER Peng
Original Message:
Sent: Thu November 05, 2020 08:38 AM
From: PHANENDRA RAO CHAVANA
Subject: S-TAP parameters in External S-TAP deployment
Hi,
If we are using External S-TAP in AWS EKS or deploying using a script on a Linux machine, it supports features like blocking, redaction and quarantine. But in a normal deployment we use S-TAP parameters to control the blocking or redaction in Linux and Windows operating systems.
But my doubt is without installing any S-TAP parameters in External S-TAP deployment, does it support all features by default or do we need to install some parameters and if it is how to do it?
Thanks,
Panendar Rao.C
------------------------------
PHANENDRA RAO CHAVANA
------------------------------