
To add a new filter list, do the following:

1. Select Filters in the menu bar.

2. On the Filters page, select the Filter List heading in the Filters Tree.

3. Click Add at the bottom of the page.

4. On the Create Filter List dialog box, enter a unique name for the filter list in the Name box.

5. Optionally, enter a description for the filter list in the Description box.

6. Click Save to save the new filter list.

Adding a Filter List to an Existing Filter List

To add a filter list to an existing filter list, do the following:

1. Select Filters in the menu bar.

2. On the Filters page, select the Filter List heading in the Filters Tree.

3. On the Filter Lists page, select the link for the filter list that you want to add a filter list to.

4. On the Filter List page, click Add Filter List at the bottom of the page.

5. On the Create Filter List dialog box, select the New option to create a new filter list, or select the Existing option to add an existing filter list, and then do the following:

If you selected New, enter a unique name in the Name box and enter an optional description in the Description box, and then click Save.

The new filter list is added as a child of the selected filter list.

If you selected Existing, select the check box next to the filter list or lists that you want to add as child lists, and then click Save.

Note: You cannot add a filter list to itself as a child filter list. The filter list that you

The existing filter list is added as a child of the selected filter list.

4.2.2. Adding Filter Rules and Qualifiers

A filter includes an IP address or range to restrict communications. A qualifier is an exception to the filter rule that specifies a protocol/port or IP address or range. Qualifiers are listed in a qualifier set, which can be added to a filter. A filter that includes one or more qualifier sets is called a qualified filter. You can add new or existing qualifier sets to a filter, and new qualifier sets that you add can be saved so that you can add them to additional filters.

To add a qualified filter to a filter list, do the following:

1. On the Filters page, select the Filter List heading in the Filters Tree.

2. On the Filter Lists page, select the link for the filter list that you want to add a qualified filter to.

3. On the Filter List page, click Add Qualified Filter at the bottom of the page.

4. On the Create Qualified Filter dialog box, select Range or IP from the Type list to specify whether the filter applies to a range of IP addresses, or a single address.

5. Select the appropriate IP version (where 4 is used for IPv4) from the IP Version list.

Note: If you select Both, the wildcard value is entered, and you cannot enter any other values on this page.

6. Specify the IP address or range to filter, as follows:

If you selected IP from the Type list, enter the address to filter in the IP Address box using dot-decimal notation for an IPv4 address.

Optionally, specify a subnet range by entering the IP address and subnet mask in CIDR notation in the IP Address box or by entering a subnet mask for the IP address in the Mask box. If you enter the subnet mask in the IP Address box, the Mask box is dimmed. (If you selected Range from the Type list, the IP Address box and Mask box are dimmed.)

If you selected Range from the Type list, enter the first address in the range in the IP Start box, and enter the last value in the range in the IP End box. (If you selected IP Address in the Type list, the IP Start box and IP End box are dimmed.)

7. Click Save to save the filter, or click Next and do the following to add one or more qualifier sets to the filter (for example, specific protocols or port numbers):

a. On the Qualifier(s) for IP dialog box, click New to create a new qualifier set.

b. On the Qualifiers List>>New screen, select the Protocol/Port tab to add an include or exclude protocol/port qualifier set, or select the IP tab to add an exclude IP address or range qualifier set, and then click Add.

Note: A qualifier set can only include Protocol/Port qualifiers or IP qualifiers. To include both Protocol/Port qualifiers and IP qualifiers in a filter, you must create more than one qualifier set.

c. Enter a unique name for the qualifier set in the Name box.

Note: You can create a qualifier set without entering a name; however, you can use that qualifier set only with the filter list that you are creating it for. Unnamed qualifier sets do not appear in the list of available qualifier sets for filter lists other than the one they were created for.

d. Optionally, enter a description for the qualifier set in the Description box.

e. If you are adding a Protocol or Port qualifier, do the following:

Select Include or Exclude from the Include/Exclude list.

Select the desired protocol or protocols from the Protocol list.

If you select Include, you can select * from the Protocol list to include all protocols.

If you select Exclude, you can select multiple protocols to exclude. To select more than one protocol to exclude, hold the Ctrl key and click the desired protocols in the list.

If you selected Include, and you selected the TCP or UDP protocol, specify local and remote ports to filter inbound and outbound traffic in the Local Port box and Remote Port box. In the Local Port and Remote Port boxes, you can enter a wildcard (*), a single port between 1 and 65535, or a range of ports (separated by a hyphen).

If you specified a range of ports or a wildcard, and you want to specify ports to exclude from that range, select the Except option, and specify the ports to exclude.

Note: The UDP protocol is not supported by Stealth(cloud) for AWS.

See 3.5.3 Local and Remote Port Filtering for more information.

f. If you are adding an IP qualifier, select IP or Range from the Type list, select 4 from the Version list, enter the desired IP Address and optionally enter a valid subnet mask in the Mask box, or IP Start and IP End (if you selected Range).

Notes:

IP qualifiers within the qualifier set cannot overlap, and each must be valid within the address range specified for the filter list.

g. If you added more than one qualifier to the qualifier set, you can use the arrow buttons on the right side of the dialog box to specify the priority order of the qualifiers in the set.

To clear all of the qualifiers in the set, click Clear. To delete a single qualifier from the set, select it and click Delete.

h. When you have finished adding and ordering the qualifiers, click Save Qualifier to save the qualifier set.

i. Click Back at the bottom of the dialog box to return to the Qualifiers List.

The new qualifier sets that you added to the filter display on the Qualifier(s) List for IP dialog box. Qualifier sets are used in the order that they appear in this list.

j. To change the priority ordering of the qualifier sets, click Next; otherwise, click Save to save the filter list, including all filters and qualifiers that you added.

k. If you clicked Next, on the Change priority for IP dialog box, select and drag the qualifier sets in the desired order, and then click Save to save the filter list including all filters and qualifiers that you added, or click Back to make additional changes to the qualified filter.

To view and modify your qualifiers, or to create additional qualifiers that you can assign to qualified filters, select the Qualifier heading in the Filters Tree.
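The constraints stated in the notes above (one qualifier type per set, port entries of `*`, a single port from 1 to 65535 or a hyphenated range, and IP qualifiers that do not overlap and fall inside the filter's address range) can be checked before a planned qualifier set is entered in the dialog boxes. The following Python sketch is an added example, not part of the product or its documentation. The tuple format for qualifiers is hypothetical, and treating "valid within the address range" as "inside the filter's own IP address or range" is an assumption.

```python
import ipaddress

def parse_ports(spec):
    """Local/Remote Port entry: '*', one port, or 'low-high' -> (low, high)."""
    spec = spec.strip()
    if spec == "*":
        return 1, 65535
    low, _, high = spec.partition("-")
    lo = int(low)                      # ValueError on non-numeric input
    hi = int(high) if "-" in spec else lo
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port entry {spec!r}")
    return lo, hi

def to_range(entry):
    """IPv4 address, CIDR, 'addr/mask' or 'start-end' -> (first, last)."""
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-"))
        if first > last:
            raise ValueError(f"range start after end in {entry!r}")
        return first, last
    net = ipaddress.IPv4Network(entry.strip(), strict=False)
    return net[0], net[-1]

def check_qualifier_set(filter_entry, qualifiers):
    """Return a list of problems; an empty list means the set passes.

    qualifiers (hypothetical format): ("ip", entry) or ("port", local, remote).
    """
    problems = []
    if len({q[0] for q in qualifiers}) > 1:
        problems.append("set mixes Protocol/Port and IP qualifiers")
    scope_first, scope_last = to_range(filter_entry)
    seen = []                          # IP qualifiers checked so far
    for q in qualifiers:
        if q[0] == "port":
            for spec in q[1:]:
                try:
                    parse_ports(spec)
                except ValueError as exc:
                    problems.append(f"bad port: {exc}")
            continue
        first, last = to_range(q[1])
        if not (scope_first <= first and last <= scope_last):
            problems.append(f"{q[1]} is outside filter {filter_entry}")
        for other, (o_first, o_last) in seen:
            if first <= o_last and o_first <= last:
                problems.append(f"{q[1]} overlaps {other}")
        seen.append((q[1], (first, last)))
    return problems
```
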

4.2.3. Adding and Configuring Filter Sets

A filter set is a group of filter lists that you apply to a COI or to a role to control network traffic with specific endpoints.