How to set up IP filters for Symantec DLP Network Monitor


Article ID: 160497


Updated On:


Data Loss Prevention Network Monitor Data Loss Prevention Enforce


Setting up IP filters for the Symantec DLP Monitor Server.


To setup IP filters for the Symantec DLP Monitor Server:

  1. From Symantec DLP Enforce, in the left pane, go to Administration > Settings > Protocols (if you want to apply to ALL Monitor servers); or go to Administration > System > Overview > Network Monitor server > Configure > Protocol (if you want to apply ONLY to a specific Monitor server).
  2. Add the filter by selecting the protocol you want.
  3. Use the following general syntax for IP filtering:

    -, <destination> , <source> drops all streams sent to <destination> from <source>
    +, <destination> , <source> includes all streams sent to <destination> from <source>

    All filters are processed from top to bottom. Make sure that there is no extra linefeed at the end. Otherwise you will get errors.
    For example, if you want to exclude only IPs and and keep everything else, you could do the following


    You can also use
    Classless Inter Domain Routing (CIDR) notation ( A filter of +,,*;-,*,* matches all streams going to network 10.67.x.x but does not match any other traffic.

    For more information on filtering and protocols, open the online help from Administration > Settings -> Protocols.