Previous Topic: Bypassing Trusted Process AuthorizationNext Topic: Reducing Audit and Trace Loads


Bypass Ports for Network Activity

To specify that all connection events (inbound and outbound) related to specific TCP/IP ports can be established without CA ControlMinder authorization, you can define a bypass for these ports. Bypassing these ports reduces system load and speeds event processing. Bypassed connection events are not logged in the audit and trace files.

Note: CA ControlMinder lets you bypass the network connection event only; not any subsequent events that use the network connection (for example, opening a file).

Trusted inbound connections are specified separately from outbound connections:

Note: For more information about the seos.ini initialization file, updating tokens, and affecting changes, see the Reference Guide.

Example: Bypass incoming Telnet events

If you set the bypass_TCPIP configuration setting to 23 (the Telnet port), the audit and trace files no longer log the network event when you Telnet to that workstation. Events related to other services, such as ssh, login, and FTP, and subsequent events that use the network connection (for example, opening a file), will still be logged.

Example: Bypass outgoing FTP events

If you set the bypass_outgoing_TCPIP configuration setting to 21 (the FTP port), the audit and trace files no longer log the network event when you FTP from that workstation. Events related to other services, such as ssh, login, and Telnet, and subsequent events that use the network connection (for example, opening a file), will still be logged.