TAP tab

External S-TAPs are designed to use S-TAPs. From the TAP tab, you can set a number of S-TAP-related parameters.

From the TAP tab, you can set a number of S-TAP-related parameters.

For the query rewrite (QRW) parameters,
  • Make sure that QRW force watch and QRW force unwatch are not configured with the same IP ranges.
  • In addition, these options are valid only when QRW installed is selected and QRW default state is set to 1.
The following caveats apply for QRW:
  • QRW with External S-TAP works with the following databases:
    • Db2 (Linux and UNIX)
    • Microsoft SQL
    • Oracle
  • You cannot deploy External S-TAP with QRW enabled. Deploy the External S-TAP first, and then enable QRW from the GUI.

For more information about the query rewrite parameters, see Linux-UNIX: Query rewrite parameters.

Table 1. TAP tab
Parameter Default Meaning
All can control Not checked For configurations with multiple collectors, specifies whether all collectors can change the configuration or only the primary collector can make changes. The default allows only the primary collector to make changes.
Messages Not checked

Turn remote and syslog messages on or off:

  • Remote: When selected, sends messages to the active Guardium® host.
  • Syslog: When selected, records system messages in the syslog.
Load balancing
Select a load balancing option:
  • 0: No load balancing (default). Traffic is sent to one alive server. The primary server has highest priority.
  • 1: Split sessions between collectors. Traffic is split between servers.
  • 2: Duplicate traffice to all collectors. Traffic is sent to all servers.
  • 4: Split sessions between collectors (multi-threading). Traffic is managed (and split) by multiple S-TAP threads.
Managed units 1 The number of managed units (MUs) to request from the load balancer
Compression level 1 Select the level of data compression between the S-TAP and the collector. Choose a compression level between 1 (none) to 9 (highest).
QRW force unwatch   Client IPs addresses and masks (for example, 192.168.0.0/192.168.0.10) to exclude from watching.

Click Add icon to add additional IP addresses and masks.

QRW force watch   Client IP addresses and masks (for example,192.168.0.0/32) to automatically watch .

Click Add icon to add additional IP addresses and masks.

QRW default state   Sets the query rewrite activation trigger. Must be 0 if Firewall default state (on the Firewall tab) is set to 1. Valid values:
  • 0: QRW is activated per session when triggered by a rule in the installed policy.
  • 1: QRW is activated for every session regardless of the installed policy.
QRW installed   Enables or disables the Dynamic Data Masking for Databases feature. When set to 0, all other QRW parameters are ignored.
Load balancer node affinity   For enterprise load balancing, specifies whether the S-TAP connects to more than one managed unit.

For more information, see Load balancer node affinity.