Troubleshooting
Problem
Version 9
Unix S-TAP reads only the first 16 port_range definitions in the Inspection Engine settings. That is, you can define 16 inspection engines, each with its own unique port_range. This is a limitation of K-TAP. When K-TAP is used for both local and TCP connections (ktap_local_tcp=0 in guard_tap.ini), K-TAP intercepts TCP connections but reads only the first 16 port_range definitions; a 17th or later definition, if present, is not read.
Version 10
Unix S-TAP reads only the first 20 port_range definitions in Inspection Engine settings.
Resolving The Problem
Guardium recommends defining fewer than 16 Inspection Engines for Guardium V9 and 20 for Guardium V10 from a performance perspective, and K-TAP is the recommended method for intercepting both local and TCP traffic, but in case of any requirement.
For Example
Use the port_range_start and port_range_end parameters to include all the required ports in the first Inspection Engine definition. This intercepts all traffic on the specified port range. If you need to ignore some ports in the range, you can define a policy to ignore these unnecessary server ports.
For example:
[DB_0]
port_range_end=50020
port_range_start=50000
This setting defines listening ports from 50000 to 50020 as target ports to be monitored.
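A check for this limit, as an added example (not IBM's code): it parses guard_tap.ini text, lists the inspection engines whose port_range definition falls past the 16 (V9) or 20 (V10) limit, and computes the single range that would cover every engine. It assumes each engine is a section containing both port_range keys and that definitions are counted in file order; the function names and the sample file are constructed for illustration.

```python
import configparser

# port_range definitions read by Unix S-TAP, per the limits stated above
LIMITS = {9: 16, 10: 20}


def audit_port_ranges(ini_text, version):
    """Return (read, ignored, span) for the engines in a guard_tap.ini text.

    read/ignored are lists of (section, start, end); span is the (start, end)
    range covering every engine, or None if no engine defines a port range.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    engines = []
    for name in cp.sections():  # configparser preserves file order
        sec = cp[name]
        if "port_range_start" in sec and "port_range_end" in sec:
            engines.append(
                (name, int(sec["port_range_start"]), int(sec["port_range_end"]))
            )
    limit = LIMITS[version]
    read, ignored = engines[:limit], engines[limit:]
    span = None
    if engines:
        span = (min(s for _, s, _ in engines), max(e for _, _, e in engines))
    return read, ignored, span


def sample_ini(n):
    """Constructed sample: n engines, one port each, starting at 50000."""
    lines = ["[TAP]", "ktap_local_tcp=0"]
    for i in range(n):
        lines += [f"[DB_{i}]",
                  f"port_range_start={50000 + i}",
                  f"port_range_end={50000 + i}"]
    return "\n".join(lines)


if __name__ == "__main__":
    read, ignored, span = audit_port_ranges(sample_ini(18), version=9)
    print(f"{len(read)} definitions read, {len(ignored)} past the limit")
    for name, start, end in ignored:
        print(f"  not read: [{name}] ports {start}-{end}")
    if ignored:
        print(f"covering range for the first engine: "
              f"port_range_start={span[0]} port_range_end={span[1]}")
```

Ports inside the covering range that should not be monitored still need the ignore policy described above.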
Document Information
Modified date: 05 December 2018
UID: swg21676268