To configure an NGE domain

Steps

1

Choose Manage→Network Group Encryption from the NFM-P main menu. The Manage Network Group Encryption form opens.


2

Choose Key Group from the drop-down menu and click Search. The NFM-P NGE key groups are listed.


3

Select a key group and click Properties. The Key Group (Edit) form opens.


4

Click on the Encryption tab.


5

Click on the NGE Domains sub-tab.


6

Choose an NGE domain and click Properties. The NGE Domain (Edit) form opens.


7

Add one or more managed sites to the domain:

  1. Click on the Domain Sites tab.

  2. Click Add→Add Managed Sites. The Select Managed Sites window opens.

  3. Click Search. The available NEs are listed.

  4. Select an NE and click OK.

    The site is added to the domain.

When two or more sites are added to the domain, the L3 Router Interfaces in the same subnet will be populated in the L3 Router Interfaces tab. The Ethernet ports associated with interfaces in the L3 Router Interfaces tab will be populated in the L2 Ethernet Ports tab.

You can add unmanaged sites to a domain; see To add unmanaged sites to an NGE domain.


8

If needed, add interfaces or ports to the domain manually. When an L3 Router Interface is added, the Ethernet ports associated with the interface will be populated in the L2 Ethernet Ports tab.

To add an interface or port manually:

  1. Click on the L3 Router Interfaces or L2 Ethernet Ports tab.

  2. Click Add.

  3. Select the interfaces or ports and click OK.

The objects are added to the domain.


9

If needed, you can bind a manually created ACL IP Exception filter to an L3 interface for L3 encryption exemption.

See To configure an ACL IP exception filter policy to create the policy.

To bind an ACL IP Exception Filter to a gateway L3 interface:

  1. Click on the L3 Router Interfaces tab.

  2. Select an interface and click Properties. The Key Group Routing Interface Binding (Edit) form opens.

  3. Click on the Select button for the Inbound IP Exception or Outbound IP Exception fields and select a policy.

  4. Save your changes and close the Key Group Routing Interface Binding (Edit) form.


10 

To apply the NGE encryption keys to one or more objects:

  • To encrypt interfaces:
    1. Select a domain and click Properties.

    2. Click on the L3 Router Interfaces tab.

    3. Select one or more interfaces and click Encrypt.

  • To encrypt ports:
    1. Select a domain and click Properties.

    2. Click on the L2 Ethernet Ports tab.

    3. Select one or more ports and click Encrypt.

  • To encrypt all ports or interfaces in a domain, select a domain and click Encrypt→L3 Router Interfaces or Encrypt→L2 Ethernet Ports.


11 

To disable encryption on one or more objects:

  • To disable encryption on an interface:
    1. Select a domain and click Properties.

    2. Click on the L3 Router Interfaces tab.

    3. Select one or more interfaces and click Disable Encryption.

  • To disable encryption on a port:
    1. Select a domain and click Properties.

    2. Click on the L2 Ethernet Ports tab.

    3. Select one or more ports and click Disable Encryption.

  • To disable encryption on all ports or interfaces in a domain, select a domain and click Disable Encryption→L3 Router Interfaces or Disable Encryption→L2 Ethernet Ports.


12 

To remove a port or interface from the domain:

  1. Disable encryption on the ports or interfaces you need to delete; see Step 11.

  2. From the NGE Domains tab, select a domain and click Properties. The NGE Domain (Edit) form opens.

  3. Click on the L3 Router Interfaces or L2 Ethernet Ports tab.

  4. Select an interface or port and click Delete.

  5. Click OK to close the NGE Domain (Edit) form.


13 

To remove a site from the domain:

  1. Disable encryption on all ports and interfaces on the site; see Step 11.

  2. From the NGE Domains tab, select a domain and click Properties. The NGE Domain (Edit) form opens.

  3. Click on the Domain Sites tab.

  4. Select a site and click Delete.

  5. Click OK to close the NGE Domain (Edit) form.


14 

To delete a domain:

  1. Disable encryption on all the ports and interfaces in the domain; see Step 11.

  2. From the NGE Domains tab, select a domain and click Delete.


15 

Close the forms.

End of steps