2.2.3. Overview of the management of the gcp0 and gcp1 network interfaces.

There are two management interfaces. They are called gcp0 and gcp1 respectively.

These interfaces perform the following functions:

  • function 1: secure communication between the probe and GCenter through an IPSEC tunnel in order to:

    • escalate information such as files, alerts, metadata, and so on, derived from analysing the monitored flows

    • report information on the health of the probe to GCenter

    • control the probe - analysis rules, signatures, and so on.

  • function 2: remote administration through the SSH protocol with access:

    • to the probe's command line interface (CLI)

    • To the graphical setup/configuration menu (deprecated)


2.2.3.1. CLI commands

Managing the network interfaces is done using the CLI commands listed in the Manage the network table.


2.2.3.2. View or configure

To view or configure the network interfaces, refer to the Procedure for managing the network settings of gcp0 and gcp1 interfaces.


2.2.3.2.1. Single interface configuration.

In single-interface configuration, function 1 and function 2 are supported by the interface gcp0 only.

To toggle from dual-interface to single-interface configuration, refer to the Procedure for switching to single-interface configuration.


2.2.3.2.2. Dual-interface configuration

In dual-interface configuration:

  • function 1 is handled by interface gcp0

  • function 2 is handled by interface gcp1

Important

This dual-interface configuration is mandatory if using the MPL mode on the GCenter.

The aim of this situation is to ensure that the management flow and the interconnection flow between the GCap and GCenter are separated from each other.

Note

It is not possible to invert the 2 network interfaces.

To toggle from single-interface to dual-interface configuration, refer to the Procedure for switching to dual-interface configuration.