Block S-TAP connection to Guardium (S-TAP Certification)

Use this function to control the specific S-TAP hosts whose clients are allowed access to the Guardium system.

About this task

When enabled, only the specified S-TAP clients are allowed to access the Guardium system.

You can also control this feature with the CLI command store stap approval or with the GuardAPI command, grdapi store_stap_approval.

If you use the CLI command store stap approval, the new configuration takes effect after you run the command restart inspection-core.

View approved STAPs in Manage > Reports > Change Monitoring > Approved Tap Clients or Reports > Real-Time Guardium Operational Reports > Approved Tap Clients.

Procedure

  1. Access Manage > Activity Monitoring > S-TAP Certification.
  2. Select S-TAP Approval Needed.
  3. Specify the approved S-TAP client host IP addresses (not host name) in the Approved S-TAP Clients section, and click Add.
  4. Repeat for each S-TAP client.

Results

Note: In a Central Managed environment, after you add the IP addresses to approved S-TAPs, there is a wait time for synchronization that might take up to an hour. After synchronization is complete, the status of the approved S-TAPs appears green in Manage > Activity Monitoring > S-TAP Control