

Network Filter Tags

This section defines the XML tags used to define NBA network filters.

<networkfilters>

Contains the network filter tags listed below. It has a single enabled attribute:

enabled

Can be set to:

  • enabled="true"--Enables all NBA network filter groups. Note that you can still disable individual groups of network filters.
  • enabled="false"--Disables all NBA network filters. Data packets pass through the NBA without interruption.

For example:

<networkfilters enabled="true" />

<filtergroup>

Contains tags for a group of related network filters. It supports a single attribute:

enabled

Can be set to:

  • enabled="true"--Enables the filter group. Note that you can still disable individual filters within the group.
  • enabled="false"--Disables the filter group. No filters in this group are applied to packets passing through the NBA.

For example:

<filtergroup enabled="true" />

<groupname>

Defines the name of the filter group. The group name is saved in the policy.txt diagnostic file to make the file easier to comprehend.

On Bivio 7000 appliances, the Group fields in the Filters screen of the NBA console have the same effect as this policy tag.

This tag supports type and value attributes:

type

Always set to type="stringType".

value

Sets the name of the filter group. For example:

<groupname type="StringType" value="TCP blocking filters" />

<networkfilter>

Contains any tags associated with a specific network filter. It supports a single enabled attribute:

enabled

This attribute can be set to:

  • enabled="true"--Enables the filter.
  • enabled="false"--Disables the filter.

For example:

<networkfilter enabled="true" />

<filtername>

Sets a name for the current filter. The filter name is saved in the policy.txt diagnostic file to make the file easier to comprehend.

The Filter fields in the Filters screen of the NBA console have the same effect as this policy tag.

This tag supports type and value attributes:

type

Always set to type="stringType".

value

Sets a description of the filter. For example:

<filtername type="StringType" value="Webmail blocking filter" />

<ipaddrlist>

Defines the source IP addresses and TCP ports that you want the network filter to detect.

That is, you can configure the NBA to analyze, prohibit or ignore packets sent from the specified IP addresses or being transmitted to the specified port numbers. You can specify any combination of IP addresses, address ranges, ports, and port ranges.

This tag supports a single type attribute and one or more nested <element> tags.

type

Always set to type="stringListType". For example:

<ipaddrlist type="stringListType" />

<element>

Defines a specific IP address or address range. The <element> tag can optionally also specify a port number or port range. You can define multiple <element> tags. Each supports a single value attribute:

value

Defines an IP address or address range, optionally followed by a port number or port range, such as:

<element value="192.160.0.5"/>
<element value="10.0.1/24"/>
<element value="10.0.1.5:128"/>
<element value="192.160.0.5:128-1023"/>
<element value="*"/>

<protocols>

Specifies which transport protocol to detect: TCP, UDP, or both.

Briefly, TCP is typically used by email and file transfer applications that require packets to be delivered reliably and in the correct order. Conversely, UDP is typically used by network applications that do not require guaranteed packet delivery, such as video or audio streaming, Voice over IP and online gaming. For example, you may want to use this tag to block video streaming from a specific website; such streams are typically transmitted as UDP packets.

This tag supports a single type attribute and one or more nested <element> tags.

type

Always set to type="stringListType". For example:

<protocols type="stringListType" />

<element>

Defines which transport protocols the network filter looks for. You typically only need a single <element> tag. This tag supports a single value attribute.

value

Defines the actual transport protocol:

  • value="all"--This filter applies to all data packets.
  • value="tcp"--This filter only applies to TCP packets. Other packets are ignored and pass through this filter.
  • value="udp"--This filter only applies to UDP packets. Other packets are ignored and pass through this filter.

For example:

<element value="all" />

<action>

Defaults to analyze. This tag determines how the NBA handles data packets that meet the network filter criteria. You can configure the filter to analyze, decrypt, ignore, or prohibit these packets. This tag supports type and value attributes:

type

Always set to type="simpleEnumStreamBlock".

value

Defines how the filter handles data packets arriving at the NBA:

  • value="analyze"--The NBA passes data packets to an application filter for further analysis.
  • value="decrypt"--The NBA decrypts data packets (if necessary) and then passes them to an application filter for further analysis.
  • value="ignore"--The NBA ignores packets that meet the filter criteria and permits them to pass through the NBA without interruption.
  • value="prohibit"--When the NBA is operating in Active mode, it blocks packets that meet the filter criteria. They do not pass through the NBA. When operating in Passive mode, the NBA ignores packets that meet the filter criteria and permits them to pass through the NBA without interruption.

For example:

<action type="simpleEnumStreamBlock" value="analyze" />

<loglevel>

Defaults to error. This tag determines the logging level for changes to the current network filter. Logging details are recorded in the NBA agent management log files. The syntax is the same as that of the <loglevel> tag for the overall NBA policy; see the Logging Tags section for details.

Under normal conditions, you would set this tag to:

<loglevel type="simpleEnumLogLevel" value="error" />

Other supported values are: none, warnings, objects, and debug.
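The tag rules above, worked through as an added example (this is not Bivio's or the NBA's own code): a Python script that parses <element> values in every form the <ipaddrlist> section lists (single address, short-form and full address range, port, port range, and "*"), lints a policy against the attribute values the prose states (the enabled, type, <protocols>, <action> and <loglevel> rules), and walks the enabled/disabled hierarchy to decide a packet's disposition, including the Active versus Passive handling of prohibit. The sample policy is constructed for the example. The page does not state whether elements match source or destination ports, or how overlapping filters are ordered, so first match on source IP and destination port is an assumption and is labelled as such in the code. Where the page's inline examples and its prose disagree on the case of type values (stringType versus StringType), the linter follows the prose.

```python
# Added example for this page, not Bivio's NBA code: parse <element> values, lint a policy
# against the attribute rules described above, and work out what happens to a packet.
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample policy assembled from the tags documented on this page.
SAMPLE_POLICY = """\
<networkfilters enabled="true">
  <filtergroup enabled="true">
    <groupname type="stringType" value="TCP blocking filters"/>
    <networkfilter enabled="true">
      <ipaddrlist type="stringListType">
        <element value="10.0.1/24:128-1023"/><element value="192.160.0.5"/>
      </ipaddrlist>
      <protocols type="stringListType"><element value="tcp"/></protocols>
      <action type="simpleEnumStreamBlock" value="prohibit"/>
      <loglevel type="simpleEnumLogLevel" value="error"/>
    </networkfilter>
    <networkfilter enabled="false">
      <ipaddrlist type="stringListType"><element value="*"/></ipaddrlist>
      <protocols type="stringListType"><element value="udp"/></protocols>
      <action type="simpleEnumStreamBlock" value="ignore"/>
    </networkfilter>
  </filtergroup>
</networkfilters>
"""
# Attribute rules as the prose on this page states them (its inline examples differ in case).
EXPECTED_TYPE = {"groupname": "stringType", "filtername": "stringType",
                 "ipaddrlist": "stringListType", "protocols": "stringListType",
                 "action": "simpleEnumStreamBlock", "loglevel": "simpleEnumLogLevel"}
ENUM_VALUES = {"protocols": {"all", "tcp", "udp"},
               "action": {"analyze", "decrypt", "ignore", "prohibit"},
               "loglevel": {"none", "error", "warnings", "objects", "debug"}}

def parse_element(value):
    """Return (IPv4Network or None for "*", inclusive (low, high) port tuple or None)."""
    value = value.strip()
    if value == "*":
        return None, None
    addr, _, port_part = value.partition(":")
    host, _, prefix = addr.partition("/")
    octets = host.split(".")  # the page's short form "10.0.1/24" gets its missing octets padded with 0
    host = ".".join(octets + ["0"] * (4 - len(octets)))
    network = ipaddress.IPv4Network(f"{host}/{prefix or 32}", strict=False)  # raises ValueError if malformed
    ports = None
    if port_part:
        low, _, high = port_part.partition("-")
        low, high = int(low), int(high or low)
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range in element {value!r}")
        ports = (low, high)
    return network, ports

def lint_policy(xml_text):
    """Return a list of findings where the policy departs from the rules above."""
    findings = []
    for node in ET.fromstring(xml_text).iter():
        tag = node.tag
        if tag in ("networkfilters", "filtergroup", "networkfilter") and node.get("enabled") not in ("true", "false"):
            findings.append(f"<{tag}> enabled must be true or false, got {node.get('enabled')!r}")
        if tag in EXPECTED_TYPE and node.get("type") != EXPECTED_TYPE[tag]:
            findings.append(f"<{tag}> type must be {EXPECTED_TYPE[tag]!r}, got {node.get('type')!r}")
        if tag in ENUM_VALUES:  # <protocols> carries its values in nested <element> tags
            values = [e.get("value") for e in node.findall("element")] if tag == "protocols" else [node.get("value")]
            findings += [f"<{tag}> value {v!r} not in {sorted(ENUM_VALUES[tag])}" for v in values if v not in ENUM_VALUES[tag]]
        if tag == "ipaddrlist":
            for el in node.findall("element"):
                try:
                    parse_element(el.get("value", ""))
                except ValueError as exc:
                    findings.append(f"<ipaddrlist> {exc}")
    return findings

def disposition(xml_text, src_ip, dst_port, proto, mode="Active"):
    """Return what the NBA does with a packet. Assumed for this example (the page does not say): elements
    match the packet's source IP and destination port, the first enabled matching filter decides, unmatched passes."""
    root = ET.fromstring(xml_text)
    if root.get("enabled") != "true":
        return "pass"  # <networkfilters enabled="false">: nothing is filtered at all
    ip = ipaddress.IPv4Address(src_ip)
    for group in root.findall("filtergroup"):
        if group.get("enabled") != "true":
            continue  # the whole group is switched off
        for flt in group.findall("networkfilter"):
            if flt.get("enabled") != "true":
                continue  # this individual filter is switched off
            protos = {e.get("value") for e in flt.findall("protocols/element")} or {"all"}
            if "all" not in protos and proto not in protos:
                continue
            elements = (parse_element(e.get("value", "")) for e in flt.findall("ipaddrlist/element"))
            if not any((net is None or ip in net) and (ports is None or ports[0] <= dst_port <= ports[1])
                       for net, ports in elements):
                continue  # no element matched, try the next filter
            node = flt.find("action")
            action = node.get("value") if node is not None else "analyze"  # page: defaults to analyze
            if action == "prohibit":  # blocks only in Active mode; Passive mode lets the packet through
                return "blocked" if mode == "Active" else "pass"
            return action
    return "pass"
```

Run lint_policy on a policy before loading it to catch the kind of slip the examples on this page contain (a type attribute that does not match what the prose requires, an unclosed tag, a port outside 0-65535), and use disposition with both mode="Active" and mode="Passive" to confirm that a prohibit filter really blocks only in Active mode.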

More information:

Logging Tags