Example

Network Integration Guide › Configuring the NBA › NBA Filters › Which Filter Takes Precedence? › Example

Example

An NBA policy comprises three application filters to target machines on the 10.0.*.* network. In the nbapolicy.xml, the filters are listed in this order:

Filter 1 analyzes packets sent from machines with a 10.0.1.* IP address.
Filter 2 ignores any packets sent from machines with a 10.0.*.* IP address.
Filter 3 prohibits packets sent from a specific machine, whose IP address is 10.0.1.53.

In this example, filter 3 takes precedence; all packets from the 10.0.1.53 machine are prohibited (that is, blocked), regardless of any other filters.

Next, the NBA implements filter 1; any packets from a machine on the 10.0.1.* subnet are passed to a policy engine for analysis except for packets from 10.0.1.53, which are prohibited as described above.

Finally, any remaining packets from machines on the 10.0.*.* network are ignored. That is, they are permitted to pass through the NBA without interruption.

XML Order	IP Address	Filter Action	Precedence
Filter 1	10.0.1.*	Analyze	2nd
Filter 2	10.0..	Ignore	3rd
Filter 3	10.0.1.53	Prohibit	1st