How do I use Exceptions?

Note: While the term "Exception" naturally implies NOT filtering (which is often true), there are options that allow additional filtering, such as TCP/UDP port numbers to block. Setting up an Exception (referred to as a "Filter Exception" in previous releases of iPrism) really means handling a filtering-related exception condition, resulting in reduced or additional filtering.

Creating Exceptions

Adding Exceptions

  1. From the iPrism home page, click Users & Networks, then select Exceptions.

  2. In the Exceptions frame, click Add.

  3. Type a name for the Exception in the Name field.

  4. Select the type of Exception:
    No Filter
    : Traffic will pass unfiltered through the specified Source and Destination range of IP addresses, or the specified port.
    Block
    : Traffic destined for the specified IP address range OR the specified port(s) will be blocked.
    NAT (Network Address Translation)
    : NAT replaces the IP address of the sender (i.e., the user) with the IP address of iPrism for outbound traffic. A reverse translation is applied to any responses coming back. The effect of NAT is that requests look like they are coming from iPrism only. This setting hides the IP addresses of your internal workstations from the Internet. (Transparent mode only.)
    No Authentication
    : Traffic destined for the IP address range will not be authenticated.
    No Authentication & NAT
    : Combines NAT with No Authentication in one option.

    Note
    : Exception types are applied in order of priority based on the type. For example, if a "No Filter" exception has been created for an IP address range and a "Block" exception is later created for that same IP address range, the "No Filter" exception wins, because iPrism encounters that type of exception first; traffic will therefore pass unfiltered through that IP address range.

  5. Type the IP address range for the sending machine or set of machines in the Source IP Start and End fields.

  6. Type the IP address range for the receiving machine or set of receiving machines in the Destination IP Start and End fields.  

  7. If this exception applies to all ports, select All Ports. If it applies only to specific ports, select Specific Ports and type the ports to which this exception applies. Multiple ports must be separated by commas. A range of ports can be specified as well (e.g., 80 — 120, or 1 — 79, 81 — 65535).

  8. In Protocols, check whether the protocol is TCP or UDP. If you select both TCP and UDP, all IP protocols will be blocked including ICMP and others. (At least one must be selected.)

  9. Click OK.

  10. Click Save at the bottom of the Exceptions window, then click Activate Changes to activate these changes immediately (if you do not Activate Changes now, you will be prompted to do so before logging out of iPrism).

 

The following examples demonstrate common Exceptions use cases.

Example 1: Your company has internal servers, and you don't want iPrism to filter traffic destined for these internal servers.

In this example, the users' IP addresses are in the 10.x.x.x range, and the servers are in the 192.168.x.x subnet.

[Screenshot: Exception_DoNotFilterInternal.jpg]

Example 2: You want to block access to all ports except port 80

In this example, all ports except port 80 are blocked on the internal subnets in the 192.168.x.x range.

[Screenshot: Exception_BlockAllExc80.jpg]

Example 3: Employee needs unfiltered access to a specific IP address

In this example, the employee's IP address is 10.1.2.3, and the server to which the employee needs unfiltered access is 63.112.169.1.

[Screenshot: Exception_UnfilteredtoSpecificIP.jpg]

Example 4: A group of employees should be blocked from accessing a certain Intranet server range

In this example, the users' IP addresses are in the 10.x.x.x range, and the servers are in the 192.168.x.x subnet.

[Screenshot: Exception_BlockfromIntranet.jpg]
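Examples 1 and 4 use the same user and server ranges, so the priority rule in the Note under step 4 decides which one applies. The following added example (not iPrism code) audits an exported exception list for "Block" entries that overlap a "No Filter" entry. It assumes an exception matches when source, destination and port all fall inside its fields; the class, function names and the Example 4 sub-ranges are hypothetical, and only the "No Filter" over "Block" ordering comes from this page.

```python
import ipaddress
from dataclasses import dataclass

def parse_ports(spec):
    """'All' or a comma list such as '80' or '1-79, 81-65535' -> [(lo, hi), ...]."""
    if spec.strip().lower() == "all":
        return [(1, 65535)]
    ranges = []
    for part in spec.replace("\u2014", "-").split(","):  # the page prints ranges with a long dash
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part.strip()!r}")
        ranges.append((lo, hi))
    return ranges

@dataclass
class Exc:
    name: str
    kind: str          # "No Filter" or "Block", as named on the page
    src: tuple         # (start, end) of the Source IP fields
    dst: tuple         # (start, end) of the Destination IP fields
    ports: str = "All"

def _ips(pair):
    return tuple(int(ipaddress.ip_address(a)) for a in pair)

def _overlap(a, b):
    return max(a[0], b[0]) <= min(a[1], b[1])

def shadowed_blocks(exceptions):
    """(block, no_filter) name pairs whose source, destination and ports all overlap."""
    hits = []
    for b in [e for e in exceptions if e.kind == "Block"]:
        for n in [e for e in exceptions if e.kind == "No Filter"]:
            if (_overlap(_ips(b.src), _ips(n.src)) and _overlap(_ips(b.dst), _ips(n.dst))
                    and any(_overlap(p, q) for p in parse_ports(b.ports)
                            for q in parse_ports(n.ports))):
                hits.append((b.name, n.name))
    return hits

# Constructed sample: Examples 1, 3 and 4 from this page; the Example 4 sub-ranges are made up.
SAMPLE = [
    Exc("ex1-internal-servers", "No Filter", ("10.0.0.0", "10.255.255.255"), ("192.168.0.0", "192.168.255.255")),
    Exc("ex3-one-employee", "No Filter", ("10.1.2.3", "10.1.2.3"), ("63.112.169.1", "63.112.169.1")),
    Exc("ex4-block-intranet", "Block", ("10.20.0.0", "10.20.255.255"), ("192.168.50.0", "192.168.50.255")),
]

if __name__ == "__main__":
    for block, winner in shadowed_blocks(SAMPLE):
        print(f"{block}: overlaps {winner}; the No Filter exception takes priority there")
```

A reported pair means the "Block" exception will not take effect for the overlapping traffic unless the "No Filter" range is narrowed.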

To Edit an Exception

  1. In the Exceptions window, click Edit.

  2. Make any changes to the exception.

  3. Click OK to save your changes, or Cancel to cancel.

  4. When you are finished editing exceptions, click Save at the bottom of the Exceptions window.

  5. Click Activate Changes to activate these changes immediately (if you do not Activate Changes now, you will be prompted to do so before logging out of iPrism).

To Delete an Exception

  1. In the Exceptions window, select an exception to delete and click Delete.

  2. Click Yes to confirm the delete, or No to cancel.

  3. When you are finished modifying exceptions, click Save at the bottom of the Exceptions window.

  4. Click Activate Changes to activate these changes immediately (if you do not Activate Changes now, you will be prompted to do so before logging out of iPrism).

 

 

How Do I ...

How do I NOT filter GoToMyPC on port 8200?

How do I NOT filter a workstation on my Network?

How do I NOT filter traffic going to a specific server?

How do I NOT filter traffic between Users and DMZ?

 

iPrism Filtering Table

This table identifies what protocols are filtered (green & red), the mode of operation (bridge/proxy), and the port number being 'scanned' by iPrism, which can be fixed or dynamic depending on protocol/mode. Brief comments identify a related attribute or requirement of the Protocol/Mode pair.

| Protocol | Install Mode | Port or Feature | Comment |
|---|---|---|---|
| HTTP | Proxy | 80 | Port 80 Directed by Web Clients or Policy Based Routing. |
| HTTP | Bridge | Any Port | Kernel-Level Packet Analysis |
| HTTPS | Both | 443 & 563 | Supports secure web connection to iPrism |
| IM/P2P | Bridge | Any Port | Filter List URL Analysis |
| IM Only | Proxy | Any Port | IM Clients must proxy to iPrism |
| UDP | Bridge | 'Filter Exception' | Admin Identifies Port Number(s) |
| TCP | Bridge | 'Filter Exception' | Admin Identifies Port Number(s) |