Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

How do I create or edit a Traffic Management Filter on the SMS?

    • Updated:
    • 7 Aug 2017
    • Product/Version:
    • TippingPoint IPS N-series All
    • TippingPoint IPS NX-series All
    • TippingPoint IPS S-series All
    • TippingPoint SMS All
    • TippingPoint TPS All
    • TippingPoint Virtual SMS
    • TippingPoint Virtual TPS All
    • Platform:
Summary

Traffic Management filters react to traffic based on a limited set of parameters including the source IP address, destination IP address, port, protocol, or other defined values. As an example, you might define the following Traffic Management filters for your web servers in a lab that denies access to external users:

  • Block traffic if the source is on an external subnet that arrives through port 80 and is destined for the IP address of your web server.
  • Block traffic if the source is your web server, the source port is 80, and the destination is any external subnet.
Details
Public

How To: Create or Edit a Traffic Management Filter

  1. Log in to the SMS from a client.
  2. From the top navigation pane, click Profiles. The Profiles screen displays.
  3. From the navigation pane on the left, click the + sign next to the IPS Profiles to expand the category.
  4. From the navigation pane on the left, locate and expand the Profile you will be working with.
  5. Select the Traffic Management tab.
  6. The Traffic Management screen displays.
  7. Perform one of the following tasks:
    • To create a new filter, click New or right-click a selected filter and choose New.
    • To edit and existing filter, select a filter and click Edit or right-click the selected filter and choose Edit.
  8. The Create/Edit Traffic Management Filter dialog opens.
    • Locked: To lock the filter, select the Locked check box.
    • Inheritance: To use inherited settings, select these Inherited Settings checkbox. Note: This option is only available if the filter has been inherited from another Profile.
  9. For Filter Info, enter a filter name. The profile for the filter displays below the name.
    • Note: If you want to apply special handling for IP protocol packet fragments, check the appropriate box to create a filter for fragments only. Generally, this option is used on applications, such as streaming media. If you use this option to create special handling for packet fragments, you must create another rule to handle non-fragmented packets.
  10. Fraction, select one of the following actions for the filter:
    • Enabled: If the check box is not selected, the filter is disabled.
    • Block: Select to block traffic
    • Allow: Incoming traffic will be inspected using profile settings.
    • Trust: Incoming traffic will be trusted and not inspected.
    • Rate Limit: Select the rate limit form the drop-down box.
  11. For General Settings, specify any comment or description you want to add.
  12. For Network Settings, modify the following information:
    • Direction: Select the direction of the flow for the segment ports:
      • Port A to Port B
      • Port B to Port A
    • Note: To rate shape traffic for bi-directionality, you must create two filters: one for A -> B and one for B -> A. The button Create filters for both directions will create both filters for you.
    • Protocol: Select  Protocol: IP, TCP, UDP, or ICMP. If you selected the ICMP protocol, the filter displays the ICMP Settings: Type, Code
    • Source: Address: Enter a source IP Address and select the format as CIDR, IP Mask, or Any IP.
      • Port- Enter the Port. Default value is ANY.
    • Dest Address: Enter a destination IP Address and select the format as CIDR, IP Mask, or Any IP.
      • Port- Enter the Port. Default value is ANY.
    • Note: The Port option will be available or not depending on the Protocol option previously selected
  13. Save As: Select this option if you wish to edit a filter and save with different settings.
  14. Distribute: Use this option to distribute the filter.
  15. Click OK.

Traffic Management Filter Order Overview

When you create Traffic Management filters, you can modify the sequence they fire in by selecting a filter and using the Move Up and Move Down buttons at the bottom of the screen. In general, more specific filters should come first. For example, a more specific IP filter might block traffic with fully qualified source and destination IP addresses and ports. More general ones, like those that apply to subnets, should follow. Packets that match "allow" or "rate-limit" filters are inspected by other types of filters. In other words, the system does not allow attacks through because the packet matched an "allow" filter. You can also set the filters to trust traffic. Trusted filters instruct the IPS not to inspect the traffic, allowing the traffic to continue without comparing it with any other filter rules.

How To: Modify the Traffic Management Filter Order

  1. On the Traffic Management screen, move filters into an order for use by the system.
  2. Select the appropriate filter and click the appropriate button:
    • Move Up
    • Move Down
  3. The new order is automatically saved.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000086118
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.