Document ID: RDWR-DP-V0602_UG1201
229
Chapter 8 – Managing Services for Traffic
Filtering
The ACL and BWM modules can use Services to filter traffic. Services classify traffic based on Layer-
3–7 criteria. A Service is a configuration of a basic filter, which may combine with logical operators
to achieve more sophisticated filters (AND Group filters and OR Group filters). The ACL and BWM
modules support a long list of predefined basic filters. A basic filter includes attributes that specify
parameters such as protocol, application port, and content type. When the protocol of a basic filter is
TCP or UDP, the filter can include a text string.
You cannot configure Services in APSolute Vision. You can configure basic filters using Web Based
Management.
You can configure Services (using Web Based Management) separately from policies. When you
configure a policy, you can associate it with an existing Service.
This section contains the following topics:
•
•
AND Group Filters, page 235
•
•
Viewing Active Services, page 237
Basic Filters
The ACL and BWM modules support an extensive list of predefined basic filters (see
Predefined Basic
Filters, page 230
). Using Web Based Management, you can also create your own basic filters.
A basic filter includes the following components:
•
Protocol—The specific protocol that the packet should carry. The choices are IP, TCP, UDP,
ICMP, NonIP, ICMPV6, and SCTP. If the specified protocol is IP, all IP packets (including TCP and
UDP) will be considered.
When configuring TCP or UDP protocol, the following additional parameters are available:
—
Destination Port (From-To)—Destination port number for that protocol. For example, for
HTTP, the protocol would be configured as TCP and the destination port as 80. The port
configuration can also allow for a range of ports to be configured.
—
Source Port (From-To)—Similar to the destination port, the source port that a packet should
carry in order to match the filter can be configured.
•
Offset Mask Pattern Condition (OMPC)—The OMPC is a means by which any bit pattern can
be located for a match at any offset in the packet. This can aid in locating specific bits in the IP
header, for example. TOS and Diff-serv bits are perfect examples of where OMPCs can be useful.
It is not mandatory to configure an OMPC per filter. However, if an OMPC is configured, there
should be an OMPC match in addition to a protocol (and source/destination port) match. In
other words, if an OMPC is configured, the packet needs to match the configured protocol (and
ports) and the OMPC.
Content Specifications
When the protocol of a basic filter is TCP or UDP, you can search for any text string in the packet.
Like OMPCs, a text pattern can be searched for at any offset in the packet. HTTP URLs are perfect
examples of how a text search can help in classifying a session.
Summary of Contents for DefensePro 6.02
Page 1: ...DefensePro User Guide Software Version 6 02 Document ID RDWR DP V0602_UG1201 January 2012 ...
Page 2: ...DefensePro User Guide 2 Document ID RDWR DP V0602_UG1201 ...
Page 20: ...DefensePro User Guide 20 Document ID RDWR DP V0602_UG1201 ...
Page 28: ...DefensePro User Guide Table of Contents 28 Document ID RDWR DP V0602_UG1201 ...
Page 116: ...DefensePro User Guide Device Network Configuration 116 Document ID RDWR DP V0602_UG1201 ...
Page 302: ...DefensePro User Guide Real Time Security Reporting 302 Document ID RDWR DP V0602_UG1201 ...
Page 308: ...DefensePro User Guide Administering DefensePro 308 Document ID RDWR DP V0602_UG1201 ...
Page 324: ...DefensePro User Guide Troubleshooting 324 Document ID RDWR DP V0602_UG1201 ...