Linux-UNIX: Server-side masking (SSM) parameters

The server-side masking parameters affect the behavior of the S-TAP with respect to discovery.

These parameters are stored in the [TAP] section of the S-TAP properties file.

Attention: These are advanced parameters and should be modified only by IBM Technical Support.
Parameter Default value Description
server_side_masking_installed 0 Enables the server-side masking feature. Valid values:
  • 0=No
  • 1=Yes
server_side_masking_default_state 0 Sets the server-side masking activation trigger. Valid values:
  • 0=SSM activated per session when triggered by a rule in the installed policy
  • 1=SSM activated for every session regardless of the installed policy
server_side_masking_force_watch NULL Comma separated list of client IP/MASKs (for example, 1.1.1.1/1.1.1.1,2.2.2.2/2.2.2.2) whose sessions are watched automatically. Valid when server_side_masking_installed=1 and qrw_default_state=0.

Cannot be configured to the same range as firewall_force_watch.

server_side_masking_force_unwatch NULL Comma separated list of client IP/MASKs (for example, 1.1.1.1/1.1.1.1,2.2.2.2/2.2.2.2) whose sessions are not watched. Valid when server_side_masking_installed is 1 and firewall_default_state is 1.

Cannot be configured to the same range as firewall_force_unwatch.