By default, DNE is disabled, and port mirroring for DNE-encrypted packets is also disabled. You can enable both from the NSX Manager GUI.

About this task

Port mirroring for DNE-encrypted packets is disabled by default because the packets are assumed to be sensitive and require special consideration when doing port mirroring. This setting does not impact packets that are not DNE-encrypted.

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Select Encryption from the navigation panel.
  3. Click the Settings tab.
  4. To enable or disable DNE, click EDIT next to DNE Enablement.
    1. Click the DNE Enablement toggle.
  5. To enable or disable port mirroring, click EDIT next to Port Mirroring Enablement.
    1. Click the Port Mirroring Enablement toggle.
  6. Click Save.

Results

Once disabled, DNE immediately suspends all policy enforcement operations (authentication and encryption). While disabled, existing policy configurations are not deleted - they are just not enforced.