Exclude source or destination IP from PurView?

  • Question
  • Updated 3 years ago
  • Answered
Our customer uses an S8 as his core device, which is connected to all sublevel switches and directly to the PurView sensor and a VM cluster of 2 machines with more than 8 connections on the core switch.

We have enabled PurView redirect Policy on all Ports as it should be.

But they also have a solution based on 2 virtual machines to check the status of servers, switches, printers and many other things that are able to handle SNMP. One of these virtual machines defines when and what devices will be connected next (=Server) and the other one is working as an "Agent" that really handles all these polling jobs.

There are so many polls from and between these 2 virtual servers that we run into a licence violation of PurView.

Is there a possibility to leave the related physical interfaces in Policy mirror state but exclude traffic from and to the virtual servers/agents?
Rainer Adam

Posted 3 years ago


Mike Thomas, Employee - GTAC - NMS

Rainer, this should be possible. 
But to be clear - you want to exclude two IP addresses from all reporting, or those IPs only for certain protocols?
Please advise.

Rainer Adam

Hey Mike

It would be great if we could exclude the IP addresses completely. We don't want to see any traffic from those specific devices/IP addresses.

Could you please advise me how we can do this?

Mike Thomas, Employee - GTAC - NMS

So, I will start off with this - the exclusion commands below will not assist in the FPM count. They are all still there coming into the appliance. We are just choosing to not report on them.

So from Oneview -> Applications -> Purview Appliance -> Configuration -> Configuration Properties
From there, add in your exclusions, and then enforce them.


Rainer Adam

If I would use a firewall (iptables) on the PurView Appliance this should assist the FPM count, right?

Mike Thomas, Employee - GTAC - NMS

Rainer, that will not work, as we are measuring based on the inbound Netflow data coming into the appliance, so there is no easy way to filter out that data from within the Netflow records themselves.