Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1455
Views
5
Helpful
6
Replies

Enable ETF for IP reputation check in HAT, filter out certain traffic

liying.liu
Level 1
Level 1

‎01-24-2022 08:43 AM

Async OS 12.1 is used. The only entry provided to enable ETF for IP reputation check is through HAT. I have the need to filter out some traffic based on destination address, but couldn't find a way to add in the condition. Is it possible?

 

Thanks!

Labels:
6 Replies 6

SriramV
Cisco Employee
Cisco Employee

‎01-24-2022 10:26 AM - edited ‎01-24-2022 08:43 PM

no, it's not possible.

But I am really interested to know the use-case to filter out some traffic based on the destination address.

0 Helpful

liying.liu
Level 1
Level 1
In response to SriramV

‎01-24-2022 11:17 AM

Thanks for the reply, SriramV!

 

We are accommodating two departments which have 2 different domain name as destination address. ETF can only be applied to one department. When we perform domain, URL reputation check, we can define content filter with which we can add an condition to exclude the traffic of the other department. 

 

If there is an entry of IP reputation in content filter condition/action definition associated with ETF, we will be able to achieve the same. Unfortunately, it is not there. Is it because there isn't such customer requirement yet?

0 Helpful

Ken Stieers
VIP
VIP
In response to liying.liu

‎01-24-2022 11:35 AM

Sounds like you could deal with this on the inbound policy instead...

0 Helpful

liying.liu
Level 1
Level 1
In response to Ken Stieers

‎01-24-2022 11:39 AM

Thanks Ken.

 

Probably not, since ETF mechanism is provided to IP reputation check only in HAT. I am able to define content filter to do, for example, domain reputation check with ETF and add the content filter to inbound policy, but not for IP reputation check.

0 Helpful

Ken Stieers
VIP
VIP
In response to liying.liu

‎01-24-2022 11:59 AM

I think I'm still unclear on what you're trying to accomplish.

Inbound, you can split the mail up by company into different policies and then apply different content filters to each company.

Your other option, which is way more work would be a new ip and new listener for one domain... that gets its own HAT...

Might be simpler to create a new sender group that matches the etf, then use a message filter to stamp a header on mail that hit that sender group. Them in content policy, have it check that header and if headed for whichever domain cares about the etf...
0 Helpful

liying.liu
Level 1
Level 1
In response to Ken Stieers

‎01-24-2022 12:15 PM

The 2nd solution sounds interesting, I will give it a thought! Thanks!

ESA doesn't accommodate IP reputation check with ETF by way of content filter. ETF is only provided on HAT for IP reputation check. That is why 1st and 3rd solution wouldn't help.

0 Helpful
Customers Also Viewed These Support Documents