Network Implementation Guide › Introduction › NBA Filters

NBA Filters

The NBA uses filters to check every IP packet it sees. These packets are then analyzed, decrypted, monitored, prohibited or ignored, depending on how the filters are configured. The NBA supports network filters and application filters. Both are defined in nbapolicy.xml.

• Network filters can optionally check for TCP or UDP data packets, the IP addresses and the port numbers they use.
• Application filters can check a packet’s IP addresses and port numbers. They can also identify the protocol (which indicates the message type). For example, they can identify email or IM packets, or file uploads.

Default filters are automatically set up in nbapolicy.xml. The default filters enable the NBA to analyze (but not decrypt) all network traffic, and send all files and emails it finds to the policy engines. If these filters are removed, the NBA will ignore all network traffic.

Handling for multiple filters, and filter precedence, are described on the following pages.