83NetBotz Appliance User’s Guide
Filter fields
Filter Action
The Filter Action field can be set to Accept or Reject. This is the action that will be applied to network
packets that meet the criteria specified in the filter.
IP Address
Specify either Include or Exclude. Include means the value as entered, while Exclude means all values
EXCEPT the one entered.
Enter an IP address in the field in the format xxx.xxx.xxx.xxx. The wildcard "*" can be used in the last two
segments of the IP address to specify "all", such as "192.168.*.*" to mean all addresses beginning with
"192.168.". You can also include an optional CIDR bit-mask (explained below).
Note: To specify all IP addresses, use the syntax "0.0.0.0/32". If you specify Exclude with 0.0.0.0,
for example,"Exclude 0.0.0.0/32", all network communications to your appliance will be blocked,
including further access through your Advanced View connection.
Protocol
Specify either Include or Exclude. Include means the value as entered, while "Exclude" means all values
EXCEPT the one entered. Specify the protocol from the drop-down list. Values are "All", "IP", "TCP", "UDP".
Note: In many cases, the port number in conjunction with a protocol name or number is the common
definition of a protocol. For example, the protocol "udp" and the port number "161" equals the
protocol "snmp".
Port
Specify either Include or Exclude. Include means the value as entered, while "Exclude" means all values
EXCEPT the one entered.
Enter the port number or range of port numbers using the syntax "xxxx:xxxx" (without the quotes). For
example, to apply the filter to the ports 100 to 300, enter "100:300" in the Port field of the filter.
The specified port numbers correspond to ports on the NetBotz appliance. Multiple individual ports can be
entered by separating the ports with a comma, such as "100,200,300" (no quotes) to apply the filter to only port
100, port 200, and port 300.
Note: For TCP-based transactions to succeed when the NetBotz appliance is acting as a
client, IP Filter rules must be set up so TCP ports 1024-4999 are allowed. The appliance
acts as a client during the following types of transactions:
• HTTP GET and POST Alert Actions and Periodic Reports
• Call Web Services Alert Receiver Alert Actions
• FTP Alert Actions and Periodic Reports
• Send E-mail Alert Actions/Periodic Reports
• Any Appliance initiated TCP/UDP communication with a remote server by hostname (DNS
resolution of the hostname may require TCP).
If you are using the NetBotz appliance with StruxureWare Data Center Expert, ports 1024 to 4999 must be
open to TCP traffic. Otherwise, alerts or surveillance activity generated by the NetBotz appliance will not be