- Written by Ziqian XU
- Posted on 10月 21, 2021
- Updated on 10月 21, 2021
- 8163 Views
Support for AES GCM has been added as a method for storing symmetric secrets in EOS. This applies to secrets that must be
- Written by Leandro Penz
- Posted on 8月 21, 2020
- Updated on 8月 21, 2020
- 7027 Views
Dynamic CLI Access VLAN is a command that sets the effective access VLAN in a port without changing the running
- Written by Jeevan Kamisetty
- Posted on 8月 23, 2022
- Updated on 11月 30, 2023
- 9666 Views
NDR switch sensor aka “monitor security awake” feature provides deep network analysis by doing deep packet inspection of some or all packets of traffic that's forwarded by the switch.
- Written by Aman Aman-Ul-Haq
- Posted on 3月 9, 2021
- Updated on 12月 1, 2023
- 11207 Views
The Segment security feature provides the convenience of applying policies on segments rather than interfaces or subnets. Hosts/networks are classified into segments based on prefixes. Grouping prefixes into segments allows for definition of policies that govern flow of traffic between segments.
- Written by Pedro Coutinho
- Posted on 6月 10, 2019
- Updated on 6月 11, 2019
- 8340 Views
This feature involves the use of packet’s Time to Live (TTL) (IPv4) or Hop Limit (IPv6) attributes to protect
- Written by Pedro Coutinho
- Posted on 8月 25, 2016
- Updated on 6月 11, 2019
- 8933 Views
This feature involves the use of packet’s Time to Live (TTL) (IPv4) or Hop Limit (IPv6) attributes to protect
- Written by Thejesh Panchappa
- Posted on 12月 30, 2021
- Updated on 12月 30, 2021
- 7756 Views
Macro Segmentation Service with Layer 3 firewall (MSS FW) provides a mechanism to offload policy enforcement on TORs
- Written by Arup Raton Roy
- Posted on 9月 7, 2021
- Updated on 9月 21, 2021
- 7657 Views
Macro Segmentation Service with Layer 3 firewall (MSS FW) enforces all security policies bi directionally by
- Written by Ben May
- Posted on 2月 1, 2024
- Updated on 2月 1, 2024
- 3123 Views
This can be done with multiple groups today, as long as we have enough unique group entries in hardware. In the absence of this configuration ( default behavior ), bridged traffic will be assigned to the default VRF and policies of default VRF will be applied to bridged traffic. With this feature, bridged traffic is never subject to MSS-G configuration.
- Written by Coy Humphrey
- Posted on 9月 15, 2020
- Updated on 6月 7, 2024
- 11096 Views
This TOI describes a set of enhancements made to the existing Port Security: Protect Mode (PortSec-Protect) feature. Please see the existing TOI for this feature here:Port Security: Protect Mode
- Written by Robert Hrusecky
- Posted on 9月 12, 2024
- Updated on 9月 12, 2024
- 661 Views
Prior to 4.32.2F, the “reset system storage secure” CLI command can be used to perform a best-effort storage device wipe of all sensitive data. However, this command has the limitation that it wipes EOS from the storage device, leaving the system “stuck” in Aboot. The “reset system storage secure rollback” command provides the same secure erase functionality, but additionally allows the user to preserve a subset of files on the main flash device by copying them into RAM during the secure erase procedure. The set of files that are preserved is configurable. After a successful wipe, the system will return to EOS after the erase is complete if the EOS SWI image and adequate configuration files are preserved (such as boot-config and startup-config).
- Written by Michelle Wang
- Posted on 6月 8, 2020
- Updated on 7月 21, 2023
- 7814 Views
EOS provides a way to extend its capabilities through the installation of extensions. An extension is a pre packaged
- Written by Ronan Mac Fhlannchadha
- Posted on 10月 14, 2024
- Updated on 11月 11, 2024
- 346 Views
This supports checking that the value of a given x509 certificate OID matches a user-provided value during the TLS handshake in OpenConfig. If the value does not match, no connection will be established.
- Written by Wenyi Cheng
- Posted on 4月 19, 2021
- Updated on 7月 19, 2023
- 8878 Views
This feature adds TLS support to the existing syslog logging mechanism. With the new added CLI commands, the user can
- Written by Yuyang Chen
- Posted on 6月 15, 2021
- Updated on 6月 21, 2021
- 8560 Views
Port wide port security: Port security with address limit on the port configured by the existing shutdown mode port