Configure Prefiltering
For prefiltering the traffic, GigaVUE-FM allows you to create a prefiltering policy template and the policy template can be applied to a monitoring session.
You can define a policy template with rules and filter values. A policy template once created can be applied to multiple monitoring sessions. However a monitoring session can use only one template.
Each monitoring session can have a maximum of 16 rules.
You can also edit a specific policy template with required rules and filter values for a particular monitoring session while editing a monitoring session. However, the customized changes are not saved in the template.
Rules and Notes
| Prefiltering is supported only in Next Generation UCT-Vs. It is not supported for classic mirroring mechanism. |
| Prefiltering is supported for both Linux and Windows UCT-Vs . |
| For single monitoring session only one prefiltering policy is applicable. All the agents in that monitoring sessions are configured with respective prefiltering policy . |
| For multiple monitoring session using the same agent to acquire the traffic, if a monitoring session uses a prefilter and the other monitoring session does not use a prefilter, then the prefiltering policy cannot be applied. The policy is set to PassAll and prefiltering is not performed. |
Create Prefiltering Policy Template
GigaVUE-FM allows you to create a prefiltering policy template with a single rule or multiple rules. You can configure a rule with a single filter or multiple filters. Each monitoring session can have a maximum of 16 rules.
To create a prefiltering policy template, do the following steps:
1. Go to Traffic > Resources > Prefiltering. Click UCT-V.
2. Click New.
3. Enter the name of the template in the Template Name field.
4. Enter the name of a rule in the Rule Name field.
5. Click any one of the following options:
| Pass — Passes the traffic. |
| Drop — Drops the traffic. |
Note: In the absence of a prefilter rule, traffic is implicitly allowed. However, once rules are defined, they include an implicit drop rule. Should the traffic not conform to any of the specified rules, it will be dropped.
6. Click any one of the following options as per the requirement:
| Bi-Directional —- Allows the traffic in both directions of the flow. A single Bi-direction rule should consist of 1 Ingress and 1 Egress rule. |
| Ingress — Filters the traffic that flows in. |
| Egress — Filters the traffic that flows out. |
Note: When using loopback interface in Linux UCT-V, you can configure only Bi-directional.
7. Select the value of the priority based on which the rules must be prioritized for filtering. Select the value as 1 to pass or drop a rule in top priority. Similarly, you can select the value as 2, 3, 4 to 8, where 8 can be used for setting a rule with the least priority. Drop rules are added based on the priority and, then pass rules are added.
8. Select the Filter Type from the following options:
| L3 |
| L4 |
9. Select the Filter Name from the following options:
| ip4Src |
| ip4Dst |
| ip6Src |
| ip6Dst |
| Proto - It is common for both ipv4 and ipv6. |
10. Select the Filter Relation from any one of the following options:
| Not Equal to |
| Equal to |
11. Enter the source or destination port value in the Value field.
12. Click Save.
Note: Click + to add more rules or filters. Click - to remove a rule or a filter.
To enable prefiltering for a Monitoring Session, refer to Configure Monitoring Session Options (Azure)
