How to set up IP filters for Symantec DLP Network Monitor


Article ID: 160497


Products

Data Loss Prevention Network Monitor, Data Loss Prevention Enforce

Issue/Introduction

Setting up IP filters for the Symantec DLP Monitor Server.

Resolution

To set up IP filters for the Symantec DLP Monitor Server:

  1. From Symantec DLP Enforce, in the left pane, go to Administration > Settings > Protocols (if you want to apply to ALL Monitor servers); or go to Administration > System > Overview > Network Monitor server > Configure > Protocol (if you want to apply ONLY to a specific Monitor server).
  2. Add the filter by selecting the protocol you want.
  3. Use the following general syntax for IP filtering:

    -, <destination> , <source> drops all streams sent to <destination> from <source>
    +, <destination> , <source> includes all streams sent to <destination> from <source>

    All filters are processed from top to bottom. Make sure that there is no extra linefeed at the end of the filter; otherwise you will get errors.
    For example, if you want to exclude only IPs 1.1.1.1 and 2.2.2.2 and keep everything else, you could use the following:

    -,*,1.1.1.1;-,*,2.2.2.2;+,*,*

    You can also use Classless Inter-Domain Routing (CIDR) notation (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). A filter of +,10.67.0.0/16,*;-,*,* matches all streams going to network 10.67.x.x but does not match any other traffic.

    For more information on filtering and protocols, open the online help from Administration > Settings > Protocols.
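
To check a filter string before pasting it into Enforce, the following Python sketch (an added example, not Symantec code) evaluates the semicolon-separated syntax shown above offline. It assumes the first matching entry decides the outcome, as the two examples imply; the function names are hypothetical.

```python
import ipaddress

def _network(spec):
    # '*' matches any address; anything else is a single IP or a CIDR block.
    return None if spec == "*" else ipaddress.ip_network(spec, strict=False)

def parse_filter(text):
    """Parse 'action,destination,source' entries separated by ';'."""
    if text.endswith(("\n", "\r")):
        raise ValueError("filter ends with an extra linefeed")
    rules = []
    for entry in text.split(";"):
        # Tolerate spaces around fields, as in the general syntax line above.
        parts = [p.strip() for p in entry.split(",")]
        if len(parts) != 3 or parts[0] not in ("+", "-"):
            raise ValueError(f"malformed entry: {entry!r}")
        action, dest, src = parts
        rules.append((action, _network(dest), _network(src)))
    return rules

def _matches(net, addr):
    return net is None or ipaddress.ip_address(addr) in net

def decide(rules, destination, source):
    """Return '+' (include) or '-' (drop) from the first matching entry.

    Assumption: first match wins. Returns None if no entry matches.
    """
    for action, dest, src in rules:
        if _matches(dest, destination) and _matches(src, source):
            return action
    return None

def unreachable(rules):
    """Indexes of entries placed after a catch-all (*,*) entry.

    Under first-match evaluation these entries can never take effect.
    """
    for i, (_, dest, src) in enumerate(rules):
        if dest is None and src is None:
            return list(range(i + 1, len(rules)))
    return []

if __name__ == "__main__":
    rules = parse_filter("-,*,1.1.1.1;-,*,2.2.2.2;+,*,*")
    # Constructed sample streams: (destination, source)
    for dst, src in [("10.0.0.5", "1.1.1.1"), ("10.0.0.5", "3.3.3.3")]:
        print(dst, src, decide(rules, dst, src))
```

A non-empty result from `unreachable` usually means a specific exclusion was written below the `+,*,*` or `-,*,*` entry and should be moved above it.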