A filter is a way to control data flow through a SafeLinx Server.
Filtering criteria depends on packet type. You can create filters for four types of packets: TCP, UDP, ICMP, and other.
Filters are dependent resources of an MNI to control data access to and from all IP-attached SafeLinx Clients accessible from the SafeLinx Server through that MNI. For example, to eliminate line-charge expenses when the ping command is used to test network connections, you can create an ICMP filter. This filter prevents the ping packets from reaching a specific subnet of SafeLinx Clients.
- Filter data from a single IP address or from a group (subnet) of IP addresses
- Filter data to a single IP address or to a group (subnet) of IP addresses
- Filter data only when the packet is going to a SafeLinx Client or coming from a SafeLinx Client
- Block or pass data through negative or positive packets that match the defined filter
|Packet type||Filtering criteria|
You can qualify the filter according to the port used by the originator or the receiver of the packet.
You can select a specific flag within the packet header to further qualify the filter.
Note: Flags should only be used by protocol experts who require this level of differentiation for a special purpose.
|UDP||You can qualify the filter according to the port used by the originator or the receiver of the packet.|
|ICMP||You can qualify the filter according to a specific type of ICMP packet. For some specific ICMP packets, you can further qualify with code that applies to the packet.|
|Other packets||You can qualify the filter according to a specific type of IP-protocol. Specify a search for a specific character string within the packet header.|
Filters that work together can be put into groups. Default groups of filters are available under the Default Resources OU when you install the SafeLinx Administrator.
To add a filter, right-click the OU in which you want to add the filter, click, and then select the filter type.