2.2.3. Overview of the management of the gcp0
and gcp1
network interfaces.
There are two management interfaces. They are called gcp0
and gcp1
respectively.
These interfaces perform the following functions:
Function 1: secure communication between the probe and GCenter through an IPSEC tunnel in order to:
Escalate information such as files, alerts, metadata, and so on, derived from analysing the monitored flows
Report information on the health of the probe to GCenter
Control the probe - analysis rules, signatures, and so on.
Function 2: remote administration through the SSH protocol with access:
To the probe's command line interface (CLI)
To the graphical setup/configuration menu (deprecated)
2.2.3.1. CLI commands
Managing the network interfaces is done using the CLI commands listed in the Manage the network table.
2.2.3.2. View or configure
To view or configure the network interfaces, refer to the Procedure for managing the network settings of gcp0
and gcp1
interfaces.
2.2.3.2.1. Single interface configuration.
In single-interface configuration, function 1 and function 2 are supported by the interface gcp0
only.
To toggle from dual-interface to single-interface configuration, refer to the Procedure for switching to single-interface configuration.
2.2.3.2.2. Dual-interface configuration
In dual-interface configuration:
Function 1 is handled by interface
gcp0
Function 2 is handled by interface
gcp1
Important
This dual-interface configuration is mandatory if using the MPL mode on the GCenter.
The aim of this situation is to ensure that the management flow and the interconnection flow between the GCap and GCenter are separated from each other.
Note
It is not possible to invert the 2 network interfaces.
To toggle from single-interface to dual-interface configuration, refer to the Procedure for switching to dual-interface configuration.