3. Filter by Protocols

From the 'Adv Config' menu:

'Packet Filtering' is used to create filter rules on an active RULESET, specified per monitoring interface. This option is compatible with GCenter 2.5.3.100+. The rules present in Sigflow Manager apply to one or all interfaces.

'Drop all packets from a protocol' performs XDP filtering according to a protocol: gre, l2tp, ah and esp. It is therefore possible to drop the network stream according to the application protocol. You must specify the protocol range (0-65535) for protocols with ports.

The administrator specifies the new protocol filter rule by selecting the capture interface, VLAN and IP addressing. Default rules can be inserted per interface and VLAN. A set of rules can be added to an interface and a VLAN. These rules filter the ports of certain encrypted protocols, and the tunnels.
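To make concrete what a per-protocol drop rule matches on the wire, the following added example (not Gatewatcher code and not part of the original documentation) classifies a raw Ethernet frame in user-space C: it steps over VLAN tags, reads the IP protocol field and returns a drop verdict for gre, esp, ah and l2tp. The function name, the verdict enum, the choice to pass truncated frames and the mapping of l2tp to IP protocol 115 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IANA IP protocol numbers. Assumption: "l2tp" means L2TPv3 over IP (115);
 * L2TPv2 rides on UDP port 1701 and would need a port rule instead. */
enum { PROTO_GRE = 47, PROTO_ESP = 50, PROTO_AH = 51, PROTO_L2TP = 115 };
enum verdict { VERDICT_PASS = 0, VERDICT_DROP = 1 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: PASS/DROP decision for one raw Ethernet frame.
 * Every read is bounds-checked first; truncated frames are passed. */
enum verdict classify_frame(const uint8_t *frame, size_t len)
{
    size_t off = 12;                          /* skip dst + src MAC */
    if (len < off + 2) return VERDICT_PASS;
    uint16_t ethertype = be16(frame + off);
    off += 2;

    /* Step over up to two VLAN tags (802.1Q 0x8100, 802.1ad 0x88A8). */
    for (int i = 0; i < 2 && (ethertype == 0x8100 || ethertype == 0x88A8); i++) {
        if (len < off + 4) return VERDICT_PASS;
        ethertype = be16(frame + off + 2);
        off += 4;
    }

    uint8_t proto;
    if (ethertype == 0x0800) {                /* IPv4: protocol is byte 9 */
        if (len < off + 20 || (frame[off] >> 4) != 4) return VERDICT_PASS;
        proto = frame[off + 9];
    } else if (ethertype == 0x86DD) {         /* IPv6: next header is byte 6 */
        if (len < off + 40) return VERDICT_PASS;
        proto = frame[off + 6];               /* extension headers not walked */
    } else {
        return VERDICT_PASS;
    }
    return (proto == PROTO_GRE || proto == PROTO_ESP ||
            proto == PROTO_AH || proto == PROTO_L2TP) ? VERDICT_DROP : VERDICT_PASS;
}

int main(void)
{
    /* Constructed sample: VLAN 100 tagged IPv4 frame carrying ESP (protocol 50). */
    uint8_t f[38] = {[12] = 0x81, 0x00, 0x00, 0x64, 0x08, 0x00, 0x45, [27] = 50};
    printf("%s\n", classify_frame(f, sizeof f) == VERDICT_DROP ? "DROP" : "PASS");
    return 0;
}
```

The VLAN step matters: a filter that reads the EtherType only at offset 12 sees 0x8100 on tagged traffic and never reaches the IP protocol field, so the tunnel would go unfiltered on trunked capture interfaces.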

'Drop default ciphered protocols' allows you to create a filter rule based on the encrypted protocols detected by default.

The administrator specifies the new filter rule by selecting the capture interface, VLAN, IP addressing, protocol (tcp or udp), and its protocol range (0:65535).

You can do this with the following CLI command:

set advanced-configuration packet-filtering add interface [mon0|1|2|3|4|5|6|7] drop [protocol|ciphered-protocols|port-range|prefix|vlan] confirm