Question & Answer
Question
NAT is used between the network locations where my S-TAP and Collector are installed. What is the expected behavior of Guardium S-TAP Verification in this case?
Cause
S-TAP Verification (both advanced and standard) checks the client and server IP of the connection from collector to database. If the IP addresses are different from the perspective of the collector and the database server, for example if NAT is used, the verification process will not work as expected.
The verification process is looking for traffic from IP1 to IP2, but the S-TAP is reporting traffic from IP3 to IP4 due to NAT.
Answer
If NAT is used between network locations of the collector and S-TAP, S-TAP verification will fail, even if the S-TAP is in fact collecting traffic. Run diagnostics will show '0 failed checks'.
As of Guardium v10.1.2 and v9.5 this is the expected behavior. S-TAP verification is not supported in NAT environment.
Check in reports to verify if these S-TAPs are collecting data. For example - How can I check if the correct data is being logged on my Guardium appliance?
Related Information
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg22000145