Protocol Filter

The major functionality of the Protocol Filter App is to ensure that it blocks restricted traffic to enter the network. The app blocks a range of protocols, regardless of which website or application the protocol is used to communicate with. The protocols are identified by traffic contents and by the port and traffic type.

The Protocol Filter application is not available by default. It can be installed from Marketplace in the left-hand navigation panel.

Left-hand Navigation Panel > Security Configuration > Protocol Filtering > Application Filter crystal-eye-xdr-navigation-protocol-filter

The Crystal Eye XDR has multiple applications like Intrusion Protection & Detection and Advanced Firewall application that allow users to block a protocol throughout the network. Nevertheless, the Protocol Filter application adds on to the ability of the CE XDR to offer more options to configure restrictive firewall policies.

Note: Consider using the Traffic Rules feature of the Advanced Firewall application If there is a requirement to block a protocol for a selective traffic in the Crystal Eye XDR network.

Let’s learn how to use the protocol filter application to block protocols

Step 1: In the Protocol Filter application, click the Edit button in the Blocked Protocols section. crystal-eye-xdr-block-protocol1

Step 2: You will now see the Blocked Protocols page. Click the tick box next to the protocol that needs to be blocked and click the Update button. crystal-eye-xdr-block-protocol2

The protocol whitelisting feature allows users to whitelist hosts in the CE XDR network after a protocol is blocked using this application.

How to Whitelist a blocked Protocol?

Step 1: In the Protocol Filter application, click the Add button in the Whitelist section. crystal-eye-xdr-whitelist-protocol1

Step 2: You will now see the whitelisting page. Enter the host IP address to whitelist it. crystal-eye-xdr-whitelist-protocol2