User guide

iGuard/inSight User Guide
Release 7.0.0.4
This filter excludes Server Message Block/NETBIOS traffic.
Ignore SSH Traffic
This filter excludes secure shell traffic.
Ignore POP3 Traffic
This filter excludes Post Office Protocol traffic.
Ignore IMAP Traffic
This filter excludes Internet Message Access Protocol traffic.
Ignore HTTPS Traffic
This filter excludes secure HTTP traffic.
Ignore LDAP Traffic
This filter excludes Lightweight Directory Access Protocol traffic.
Ignore NTLM Traffic
This filter excludes NT LAN Manager traffic.
Base Configuration Capture Filter
This filter opens the system for storage of incoming data.
Create a Content Capture Filter
If you create a content capture filter, your capture filter actions are limited to dropping elements,
dropping sessions, or dropping elements while storing their metadata.
For example, if you suspect you have a problem with illegal downloading, you could store all
BitTorrent traffic transporting filetypes like MP3 and AAC. If your organization has a vast library of
configuration-controlled image files, you could ignore all filetypes with extensions like MPEG, BMP,
JPG, GIF, TIF and PNG.
Suppose you want to create a filter to ignore all traffic to and from your web server that contains
Real-time Transport Protocol (RTP) files. This would eliminate a significant portion of network
activity, making it easier to focus on other types of traffic that you suspect may be compromised.
1. Select System > System Administration > Capture Filters.
2. Select Create Content Filter.
3. Enter a name and description.
4. Select a capture Action.
You can Drop Element (ignore the specified content), ignore the session containing it, or store only
metadata. In this case, you want to ignore MPEG and related RTP files.
Tip: These actions are explained in the Capture Actions topic.
5. Select the iGuard on which you want to install the filter. Select None if you don't want
to deploy it yet.
6. Save.
7. Define the filter.