How to setup IP filters for the Symantec DLP Monitor Server.
You must have the appropriate role provisioned with permissions assigned to make these changes.
For more details, please refer to the online help such as the 15.8 documentation found here:
https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/15-8.html
Modifications are made on the Enforce console for both default protocols that apply where applicable to any detection server attached and if specific traffic is going to be sent to specific monitors for inspection.
For additional information on adding or modifying protocols see the online help for the DLP version.
For 15.8, see https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/15-8/working-with-general-settings-vont_0235-d297e6924/about-protocol-filtering-vont_0195-d318e2585/configure-a-protocol-v23016805-d318e8.html#v23016805
Use the following general syntax for IP filtering:
-, <destination> , <source> drops all streams sent to <destination> from <source>
+, <destination> , <source> includes all streams sent to <destination> from <source>
Example
To exclude only IPs 1.1.1.1 and 2.2.2.2 and include all other streams, you could do the following
-,*,1.1.1.1;-,*,2.2.2.2;+,*,*
To include all streams going to network 10.67.x.x but exclude any other traffic, you could do the following:
+,10.67.0.0/16,*;-,*,*
For more information on filtering and protocols, visit the online help (from the console, click on the Help icon or visit the published documentation linked above.)