Egress Filters for Additional Filtering Capabilities
Egress filters provide additional filtering capabilities when applied on tool or hybrid ports in a policy. Egress filters are used to pass or drop the traffic and can be combined logically using 'AND' and 'OR' operators.
Note: The number of egress filters vary depending on the platform. Refer to the Port Filters section for the number of filters allowed for each platform.
To apply egress filter for a tool port in a policy:
- Select the tool port or the hybrid port for which you need to add filters.
- Click the Egress filter icon and click Edit.
- Click Add a Rule.
- Select the required conditions.
- To create an egress filter with logical AND: In a single rule, create multiple conditions. That is, create Rule 1 with conditions for filtering IPv4 traffic and source port as '443'. Traffic will get filtered to the tool only if both of these conditions are true.
- To create an egress filter with logical OR: Create multiple rules with required conditions. That is create Rule 1 to filter IPv4 traffic and Rule 2 to filter traffic from source port ''443'. Traffic will get filtered to the tool even if one of the condition is true.
- Define a name to each of the rules created and click Save.
- You can click Pass or Drop against each of the rules to either pass the traffic to the destination or to drop the traffic. Refer to the following notes for pass and drop rules:
- Drop rules are applied first.
- If there are only drop rules, then all the traffic except that specified in the drop rule(s) will be passed.
- If there are only pass rules, only the traffic specified in the pass rule(s) will be passed and all other traffic will be dropped.
- If there are both drop and pass rules, only the traffic specified in the pass rule(s) that does not also match the drop rule(s) will be passed.
Note: Use the edit icon to edit the egress filter directly from the canvas. If you edit the egress filter in edit mode, the Deploy button is disabled.