What is the best guideline for a setup which uses Secure Transport?


Consider the following guidelines when you configure secure transport:

Is it possible to configure Secure Transport directly on the SteelHeads?
No. You must have the SteelCentral Controller for SteelHead (SCC) to configure and work with the Secure Transport settings of the SteelHeads.


Can I configure Secure Transport with virtual in-path deployment?
Only physical in-path deployments are supported; virtual in-path deployments are not supported.

Is Disconnected Mode Timeout configurable?
Yes, it can be configured through the SCC.

Is my traffic secure during Disconnected Mode Timeout?
Yes, the last known keys and subnet information are used during the Disconnected Mode Timeout period.

What will happen after Disconnected Mode Timeout?
After a Disconnected Mode Timeout (which can be configured through the SCC), all secure transport tunnels are brought down.

How do I know if peer SteelHeads are in Disconnected Mode?
An alarm is raised on the SteelHead peer when it enters disconnected mode.

Can I use IPsec secure peering and Secure Transport together?
In SteelHead v9.0, IPsec secure peering and the secure transport service are mutually exclusive. The secure transport service is enabled by default on SteelHead appliances. Before you enable IPsec secure peering on the SteelHead, you must disable the secure transport service on the SteelHead.

Is it possible to use flow statistics collectors to obtain ESP traffic statistics?
Flow statistic collectors, such as NetFlow, cannot collect Encapsulating Security Payload (ESP) packet data flow information.

Is a setup with only one SteelHead appliance (one location) supported?
SteelHead appliances must be present on both endpoints of the path.

How do I double encrypt the traffic inside the Secure Transport tunnel?
Traffic is double encrypted only when both secure transport and SSL secure peering are enabled.
Last Modified: 2018-04-09
