IP Groups with Exclude Criteria alone

IP Groups with Exclude Criteria alone

IP Group Management lets you monitor departmental, intranet or application specific traffic exclusively. You can create IP groups based on IP addresses and/or a combination of port and protocol.

We provide the option to create IP Groups with IP Criteria like IP address / IP Network / IP Network Range with Include, Exclude and Between Sites option.

This document is to provide details on the IP Groups created with only the Exclude criteria in do not reflect the expected output:

The IP Group criteria in NetFlow Analyzer works based on the IP and not the actual direction of the traffic.

During flow lookup , if the flow doesn't contain excluded ip then we add that conversation octet in both (Src , Dst) table .

So for Example, if we created a IP Group with the Exclude criteria of 1.1.1.1.

We will check if this IP is available in the flow data or not, if not then we will dump all the data for both IN and OUT traffic for that IP Group.

This is the reason we show the same data for IN and OUT traffic if a IP groups is created only with exclude criteria.

I Hope this helps in understanding the behavior for the IP Groups.

If you have any further quires, you can get support by send email to our support email address netflowanalyzer-support@manageengine.com

                  New to ADSelfService Plus?

                    • Related Articles

                    • Consolidated fix for NetFlow Analyzer Build 10250 for Stand Alone

                      Note: This can be done with NetFlow Analyzer build 10250 only. Take the backup of the files before replacing. For Distributed Edition, make sure to follow the steps in Central and Collector servers. The consolidated fix is available over 10250 which ...
                    • NetFlow Analyzer DB folder Migration after 12.5 and above

                      Please follow the below steps to migrate Postgres DB folder alone from one setup to another: Note: The steps can be followed between 2 installation of same version of application In Old Install: 1. Stop the OpManager Service from the Services ...
                    • UDP port block Message In NetFlow Analyzer

                      In NetFlow Analyzer we do two types of check in windows firewall, while flows are being received in server 1) Check if there is any allow rules created to allow UDP port say "9996" -Once our product find out this rule then flows collection will get ...
                    • Incorrect traffic information in Netflow analyzer

                      NetFlow Analyzer shows the information based on the flow Packets (NetFlow, sflow, Jflow, netstream etc..) exported by the device to the NetFlow Analyzer installed server. We have seen many customers come with the issue that the Utilization ...
                    • SNMP walk - check if the router is responding to NFA's SNMP Request.

                      How to check if the router is responding to NetFlow Analyzer SNMP Request For Version 12 and above: In a CMD prompt, navigate to the NetFlow installation directory (OpManager\troubleshooting\). Execute SNMPWalk.bat for windows or SNMPWalk.sh for ...