Allow (approve) S-TAP connection to Guardium (S-TAP certification)

Use this function to control the specific S-TAP® hosts whose clients are allowed ("approved") to access the Guardium® system.

About this task

When enabled, only the specified S-TAP clients are allowed to access the Guardium system.

You can also control this feature with the CLI command store stap approval or with the GuardAPI command, grdapi store_stap_approval.

If you use the CLI command store stap approval, the new configuration takes effect after you run the command restart inspection-core.

View approved S-TAPs in Manage > Reports > Change Monitoring > Approved Tap Clients or Reports > Real-Time Guardium Operational Reports > Approved Tap Clients.

Procedure

  1. Access Manage > Activity Monitoring > S-TAP Certification.
  2. Select S-TAP Approval Needed. This is the equivalent of the GrdAPI command store_stap_approval.
  3. Specify the approved S-TAP host IP address (not host name) in the Approved S-TAP Clients section, and click Add. This is the equivalent of the GrdAPI command add_approved_stap_client.
  4. Repeat for each S-TAP host.

Results

Note: In a Central Managed environment, after you add the IP addresses to approved S-TAPs, there is a wait time for synchronization that might take up to an hour. After synchronization is complete, the status of the approved S-TAPs appears green in Manage > Activity Monitoring > S-TAP Control