Prefiltering

Prefiltering allows you to filter the traffic at UCT-Vs before sending it to the GigaVUE V Series Nodes.

Create a Prefiltering policy template

In GigaVUE‑FM, you can:

  • Create a prefiltering policy template that includes rules and filter values.

  • Apply the template to multiple monitoring sessions.

    A monitoring session can use only one template at a time.

  • Define a maximum of 16 rules in a monitoring session.

Editing a Monitoring Session

While editing a session, you can modify the policy template with required rules and filter values. These changes apply only to that session. GigaVUE‑FM does not save these changes to the template.

Guidelines for prefiltering in Next Generation UCT-Vs are:

  • Prefiltering is supported on Next Generation UCT-Vs. It is not available in the classic mirroring mechanism.

  • Both Linux and Windows UCT-Vs support Prefiltering.

  • A monitoring session supports only one prefiltering policy. All agents in the session use the same policy.

  • If multiple monitoring sessions share the same agent, and if one session does not use prefiltering, the system disables prefiltering. It applies a PassAll policy instead and forwards all traffic without filtering.

Create Prefiltering Policy Template

GigaVUE‑FM allows you to create a prefiltering policy template with a single rule or multiple rules. You can configure a rule with a single filter or multiple filters. Each monitoring session can have a maximum of 16 rules.

To create a prefiltering policy template,

  1. Go to Traffic > Resources > Prefiltering and select UCT-V.

  2. Select New.

  3. In the Template Name field, enter the name of the template,

  4. In the Rule Name field, enter the name of a rule.

  5. Select one of the following options:

    • Pass: Allows the traffic.

    • Drop: Blocks the traffic..

    If no prefilter rules are defined, traffic is implicitly allowed. When rules are defined, an implicit drop rule applies. Traffic that does not match any specified rule is dropped.

  6. Select one of the following options:

    • Bi-Directional: Allows the traffic in both directions of the flow. A single Bi-direction rule requires 1 Ingress and 1 Egress rule.

    • Ingress: Filters incoming traffic.

    • Egress: Filters outgoing traffic.

    When using loopback interface in Linux , you can use only Bi-directional.

  7. Select a priority value from 1-8.

    • 1: Select the value as 1 to pass or drop a rule in top priority.

    • 2-8: Select the value as 2, 3, 4 to 8, where 8 indicates a rule with the least priority. Drop rules are added first based on the priority and then pass rules are added.

  8. Select one of the following options as Filter Type:

    • L3

    • L4

  9. Select one of the following options Filter Name:

    • ip4Src

    • ip4Dst

    • ip6Src

    • ip6Dst

    • Proto: Applies to both ipv4 and ipv6.

  10. Select one of the following options for Filter Relation:

    • Not Equal to

    • Equal to

  11. In the Value field, enter the source or destination port.

  12. Select Save.

    Select + to add more rules or filters or select - to remove a rule or a filter.

To enable prefiltering, refer to Monitoring Session Options.