IP Group Management lets you monitor departmental, intranet or application-specific traffic exclusively. You can create IP groups based on IP addresses and/or a combination of port and protocol.
We provide the option to create IP Groups with IP criteria such as IP Address / IP Network / IP Network Range, with Include, Exclude and Between Sites options.
This document explains why IP Groups created with only the Exclude criteria do not reflect the expected output:
The IP Group criteria in NetFlow Analyzer works based on the IP and not the actual direction of the traffic.
During flow lookup, if the flow doesn't contain the excluded IP, we add that conversation's octets to both the Src and Dst tables.
For example, suppose we create an IP Group with the Exclude criteria of 1.1.1.1.
We check whether this IP is present in the flow data; if it is not, we add all of that data to both the IN and OUT traffic for that IP Group.
This is the reason we show the same data for IN and OUT traffic if an IP Group is created with only the Exclude criteria.
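The following Python sketch models the accounting described above. It is an added example, not NetFlow Analyzer code. The flow records, the function names, the mapping of the Src/Dst tables to OUT/IN, and the include-style rule shown for contrast are all assumptions made for illustration.

```python
from ipaddress import ip_address

# Constructed sample flows: (source IP, destination IP, octets)
FLOWS = [
    ("10.0.0.5", "192.0.2.10", 1200),
    ("192.0.2.10", "10.0.0.5", 300),
    ("1.1.1.1", "10.0.0.7", 5000),   # touches the excluded IP
    ("10.0.0.7", "1.1.1.1", 800),    # touches the excluded IP
    ("10.0.0.9", "198.51.100.4", 450),
]

def _ips(values):
    return {ip_address(v) for v in values}

def exclude_only_totals(flows, excluded):
    """Group defined only by Exclude: a flow without an excluded IP is
    counted in both tables, so IN and OUT always come out equal."""
    excluded = _ips(excluded)
    src_table = dst_table = 0
    for src, dst, octets in flows:
        if ip_address(src) in excluded or ip_address(dst) in excluded:
            continue  # flow contains an excluded IP: not part of the group
        # Neither side of the flow identifies the group, so the octets
        # are added to both the Src and Dst tables.
        src_table += octets
        dst_table += octets
    return {"IN": dst_table, "OUT": src_table}

def include_totals(flows, included):
    """Hypothetical include-style rule, for contrast only: the side on
    which the included IP appears decides which table gets the octets."""
    included = _ips(included)
    totals = {"IN": 0, "OUT": 0}
    for src, dst, octets in flows:
        if ip_address(src) in included:
            totals["OUT"] += octets
        if ip_address(dst) in included:
            totals["IN"] += octets
    return totals

if __name__ == "__main__":
    print("exclude 1.1.1.1 :", exclude_only_totals(FLOWS, ["1.1.1.1"]))
    print("include 10.0.0.5:", include_totals(FLOWS, ["10.0.0.5"]))
```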
I hope this helps in understanding the behavior of the IP Groups.
If you have any further queries, you can get support by sending an email to our support email address:
netflowanalyzer-support@manageengine.com