IBM Support

Unix S-TAP limitation on the number of Inspection Engines allowed in Guardium V9 and Guardium V10.

Troubleshooting


Problem

Version 9

Unix S-TAP reads only the first 16 port_range definitions in the Inspection Engine settings. That is, you can define 16 inspection engines, each with a unique port_range. This is a limitation of K-TAP. When K-TAP is used for both local and TCP connections (ktap_local_tcp=0 in guard_tap.ini), K-TAP intercepts TCP connections but reads only the first 16 port_range definitions; the 17th and later definitions, if defined, are not read.

Version 10

Unix S-TAP reads only the first 20 port_range definitions in Inspection Engine settings.

Resolving The Problem

From a performance perspective, Guardium recommends defining fewer than 16 Inspection Engines for Guardium V9 and 20 for Guardium V10, and K-TAP is the recommended method for intercepting both local and TCP traffic. If requirements call for more than that, one approach is as follows.

Use the port_range_start and port_range_end parameters to include all the required ports in the first Inspection Engine definition. This intercepts all traffic on the specified port range. If you need to ignore some ports in the range, you can define a policy to ignore these unnecessary server ports.

For example:

[DB_0]
port_range_end=50020
port_range_start=50000

This setting defines listening ports from 50000 to 50020 as target ports to be monitored.
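To find definitions that fall past the limit, and so are not read, the following added example (not IBM code) audits guard_tap.ini-style text and computes the single range that would cover every engine. It assumes that "first" means file order and that an inspection engine is any section carrying both port_range parameters; the sample file is constructed.

```python
import re

# Limits stated on this page: port_range definitions read by Unix S-TAP.
PORT_RANGE_LIMIT = {9: 16, 10: 20}

def inspection_engines(ini_text):
    """Return [(section, start, end)] in file order for sections with a port range."""
    engines, section, params = [], None, {}

    def flush():
        if section and {"port_range_start", "port_range_end"} <= params.keys():
            engines.append((section, int(params["port_range_start"]),
                            int(params["port_range_end"])))

    for raw in ini_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            flush()                      # close the previous section
            section, params = header.group(1), {}
        elif "=" in line and not line.startswith(("#", ";")):
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    flush()                              # close the last section
    return engines

def audit(ini_text, major_version):
    """Split engines into (read, not_read) for the given Guardium major version."""
    limit = PORT_RANGE_LIMIT[major_version]
    engines = inspection_engines(ini_text)
    return engines[:limit], engines[limit:]

def consolidated_range(engines):
    """One start/end pair spanning all engines, per the workaround above.
    Unneeded ports inside the span still have to be ignored by policy."""
    return min(s for _, s, _ in engines), max(e for _, _, e in engines)

# Constructed sample: 17 engines, one port each (DB_0 .. DB_16).
SAMPLE_INI = "".join(
    f"[DB_{i}]\nport_range_start={50000 + i}\nport_range_end={50000 + i}\n\n"
    for i in range(17)
)

if __name__ == "__main__":
    read, not_read = audit(SAMPLE_INI, 9)
    print("read:", len(read), "not read:", [name for name, _, _ in not_read])
    start, end = consolidated_range(read + not_read)
    print(f"[DB_0]\nport_range_end={end}\nport_range_start={start}")
```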


Document Information

Modified date:
05 December 2018

UID

swg21676268