Previous Topic: Include or Exclude IP Ranges from SSL DecodingNext Topic: Exclude an IP Range

Network Integration GuideDecoding SSL CommunicationsHow to Set up SSL DecodeInclude or Exclude IP Ranges from SSL DecodingInclude an IP Range

Include an IP Range

To decrypt SSL frames on specific IP address and port ranges for HTTPS web traffic, you set up network filters.

To include IP addresses

  1. Log on to the NBA console and go to the Filters tab.
  2. Create a network filter.
  3. Specify the following parameters.
    IP Addresses

    Specify the IP range and port that you want to include. For example:

    10.20.0.0/16:443

    Protocols

    TCP

    Action

    decrypt

    This filter decrypts addresses in the range from 10.20.0.0 to 10.20.255.255, on port 443.

  4. Configure the application (stream) filter.
  5. Specify the following parameters.
    IP Addresses

    Set this value to '*'

    Protocols

    HTTP

    Action

    analyze

    This filter uses the asterisk wildcard to include all remaining addresses in the analysis after the network filter has prefiltered them.