On the Border Gateway Protocol > Filter List page you can create filter lists used to regulate traffic between networks based on IP address or AS number.
To create a filter list, do the following:
On the Filter List page, click New BGP Filter List.
The Add BGP Filter List dialog box opens.
Make the following settings:
Name: Enter a descriptive name for the filter list.
Filter by: Select whether the filter should match the IP address of a particular router or a whole AS.
- IP address: In the Networks box, add or select the hosts or networks the filter should apply to. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
- AS number: In the AS Regex box, use BGP regular expressions to define AS numbers the filter should apply to. Example: _100_ matches any route going through AS100.
Networks: Add or select the networks and/or hosts for which announcements should be denied or permitted. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Action: From the drop-down list, select an action that should be taken if a filter matches. You can either deny or permit traffic.
- Deny: If you deny a network for a particular neighbor via the Filter In field on the Neighbor page, Sophos UTM on AWS will ignore announcements for that network. If you do the same via the Filter Out field, Sophos UTM on AWS will not send announcements to that neighbor for that network.
- Permit: If you permit a network for a particular neighbor via the Filter In field on the Neighbor page, Sophos UTM on AWS will receive announcements for that network only. If you do the same via the Filter Out field, Sophos UTM on AWS will send announcements to that neighbor for that network only, but not for any other network you might have defined on the Global or Systems page.
Note – If the filter rule is set to Deny for a network and to Permit for a host on the same network, the traffic will be denied. To pass traffic to specific hosts only, set the rule to Permit for the network and to Deny for all hosts except the specific hosts.
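The following is an added illustration of how the settings above combine when a route announcement is checked against a filter list; it is a simplified model written for this page, not Sophos UTM code. It assumes the BGP regex convention that `_` matches a boundary in the AS path, that a matching Deny always wins over a matching Permit (as the note states), and that an announcement matching no entry is dropped.

```python
import ipaddress
import re

# Simplified model of BGP filter-list evaluation (added example, not Sophos
# UTM code). Each entry mirrors the dialog fields: Filter by (ip_address or
# as_number), Networks or AS Regex, and Action (permit or deny).
# Assumptions: a matching Deny wins over a matching Permit, and a route that
# matches no entry is dropped.

def as_regex_to_python(as_regex):
    """Translate a BGP AS-path regex into a Python regex.

    In BGP regular expressions '_' matches a boundary: the start or end of
    the AS path, or the separator between two AS numbers. The path is
    modelled as a space-separated string, so '_' becomes start, end or
    whitespace. Example: '_100_' matches '200 100 300' but not '2100'.
    """
    return as_regex.replace("_", r"(?:^|\s|$)")

def as_path_matches(as_regex, as_path):
    path = " ".join(str(asn) for asn in as_path)
    return re.search(as_regex_to_python(as_regex), path) is not None

def entry_matches(entry, prefix, as_path):
    """Does one filter-list entry apply to this announced route?"""
    if entry["filter_by"] == "as_number":
        return as_path_matches(entry["as_regex"], as_path)
    route = ipaddress.ip_network(prefix, strict=False)
    nets = [ipaddress.ip_network(n) for n in entry["networks"]]
    return any(route.version == n.version and route.subnet_of(n) for n in nets)

def route_permitted(filter_list, prefix, as_path):
    """True if the announcement passes the filter list, False if ignored."""
    actions = {e["action"] for e in filter_list if entry_matches(e, prefix, as_path)}
    if "deny" in actions:          # Deny takes precedence (see note above)
        return False
    return "permit" in actions     # no match at all: dropped (assumption)

# Constructed sample filter lists
VIA_AS100 = [{"filter_by": "as_number", "as_regex": "_100_", "action": "permit"}]
INTERNAL = [{"filter_by": "ip_address", "networks": ["10.0.0.0/8"], "action": "deny"},
            {"filter_by": "ip_address", "networks": ["10.1.0.0/16"], "action": "permit"}]

if __name__ == "__main__":
    print(route_permitted(VIA_AS100, "192.0.2.0/24", [200, 100, 300]))  # True
    print(route_permitted(INTERNAL, "10.1.2.0/24", [65000]))            # False
```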
The filter list appears in the list on the Filter List page.
You can now use the filter list on a neighbor definition.