Data Loss Prevention

  • 1.  Need assistance with IP Filtering for Vontu Network Monitor

    Posted Feb 28, 2011 11:07 AM

    I'm trying to test an IP filter on a network monitor.  I'm trying to exclude capturing data from a single IP address ... at least for now.  For example...

    +,*,*;-,192.168.20.140/32,*

    According to the online help, I'm interpreting this as ignore source IP 192.168.20.140 that is destined for anywhere.

    However, the above example is not working.  Has anyone worked with these?  Your comments are appreciated.



  • 2.  RE: Need assistance with IP Filtering for Vontu Network Monitor
    Best Answer

    Posted Feb 28, 2011 11:39 AM

    You're close...the thing to remember is that the rules you set up in here are evaluated from left to right.  So starting out with:

    +,*,*

    ...means that you are including ALL traffic, so in essence you've invalidated all of your subsequent filters.  And, it's:

    [+|-],[destination],[source]

    What you want is this:

    -,*,192.168.20.140/32;+,*,*

    That's read as "exclude traffic from that exact IP as the source, then inspect anything else."

    If you look in the help, you'll see they provide examples as well, which may be helpful.

    Regards,

    ~Keith
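
The left-to-right evaluation described in the answer above, as an added example that is not part of the original thread and is not Vontu code: a small Python model that assumes the first matching rule decides and that fields are ordered `[+|-],[destination],[source]` as the answer states. The function names and sample packets are constructed for illustration, and a packet that matches no rule is reported as `None` because the thread does not say what the product does in that case.

```python
import ipaddress

def _net(field):
    # '*' matches any address; anything else is treated as a CIDR network
    return None if field == "*" else ipaddress.ip_network(field, strict=False)

def _matches(net, addr):
    return net is None or ipaddress.ip_address(addr) in net

def parse_filter(text):
    """Split 'sign,destination,source;...' into ordered (sign, dst, src) rules."""
    rules = []
    for entry in filter(None, (e.strip() for e in text.split(";"))):
        parts = [p.strip() for p in entry.split(",")]
        if len(parts) != 3 or parts[0] not in ("+", "-"):
            raise ValueError(f"malformed rule: {entry!r}")
        sign, dst, src = parts
        rules.append((sign, _net(dst), _net(src)))
    return rules

def decide(rules, src, dst):
    """Return (sign, rule index) of the first rule that matches, else (None, None)."""
    for i, (sign, dst_net, src_net) in enumerate(rules):
        if _matches(dst_net, dst) and _matches(src_net, src):
            return sign, i
    return None, None

ORIGINAL = "+,*,*;-,192.168.20.140/32,*"    # filter from the question
CORRECTED = "-,*,192.168.20.140/32;+,*,*"   # filter from the answer

# Constructed sample packets: (source, destination)
PACKETS = [("192.168.20.140", "10.0.0.5"), ("192.168.20.77", "10.0.0.5")]

def report(filter_text):
    """Decision for each sample packet under the given filter string."""
    rules = parse_filter(filter_text)
    return [decide(rules, s, d) for s, d in PACKETS]

if __name__ == "__main__":
    for name, f in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, report(f))
```

With the original filter every packet is decided by rule 0 (`+,*,*`), so the exclusion is never reached; with the corrected filter the excluded host hits rule 0 (`-`) and everything else falls through to the catch-all.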