On the Border Gateway Protocol > Filter List page you can create filter lists used to regulate traffic between networks based on IP address or AS number.
To create a filter list, do the following:
On the Filter List page, click New BGP Filter List.
The Add BGP Filter List dialog box opens.
Specify the following settings:
Name: Enter a descriptive name for the filter list.
Filter by: Select whether the filter should match the IP address of a particular router or a whole AS (Autonomous System).
- IP address: In the Networks dialog box, add or select hosts or networks the filter should apply to. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.
- AS number: In the AS Regex box, use BGP regular expressions to define AS numbers the filter should apply to. Example: _100_ matches any route going through AS100.
Networks: Add or select the networks and/or hosts for which announcements should be denied or permitted. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.
Action: From the drop-down list, select an action that should be taken if a filter matches. You can either deny or permit traffic.
- Deny: If you deny a network for a particular neighbor via the Filter In field on the Neighbor page, Sophos UTM will ignore announcements for that network. If you do the same via the Filter Out field, Sophos UTM will not send announcements to that neighbor for that network.
- Permit: If you permit a network for a particular neighbor via the Filter In field on the Neighbor page, Sophos UTM will receive announcements for that network only. If you do the same via the Filter Out field, Sophos UTM will send announcements to that neighbor for that network only, but not for any other network you might have defined on the Global or Systems page.
Note – If the filter rule is set to Deny for a network and to Permit for a host on the same network, the traffic will be denied. To pass traffic to specific hosts only, set the rules to Permit for the network and Deny for all hosts except the specific hosts.
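To make the Filter by, Action and Note semantics above concrete, here is an added, constructed evaluator for a filter list. It is not the UTM's own code; it assumes that a network rule matches any announcement overlapping its network, that a matching Deny always wins over a matching Permit (as the Note states), that anything not explicitly permitted is dropped, and that the BGP regex "_" is translated to a Python boundary match on a space-separated AS path.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed illustration of how a filter list could be evaluated; not the
# UTM's own code. Assumptions: a network rule matches any announcement whose
# prefix overlaps it, Deny wins over Permit (as the Note states), and anything
# not explicitly permitted is dropped (implicit deny).

def as_regex_to_python(as_regex: str) -> "re.Pattern[str]":
    """Translate a BGP AS-path regex into a Python regex. In BGP regexes "_"
    matches a boundary between AS numbers (start or end of the path, or the
    space between two ASNs); everything else, including ^ and $, passes through."""
    return re.compile(as_regex.replace("_", r"(?:^|\s|$)"))

@dataclass
class FilterRule:
    action: str                     # "permit" or "deny"
    network: Optional[str] = None   # "Filter by: IP address" (host or network)
    as_regex: Optional[str] = None  # "Filter by: AS number" (BGP regex)

    def matches(self, prefix: str, as_path: List[int]) -> bool:
        if self.network is not None:
            rule_net = ipaddress.ip_network(self.network)
            announced = ipaddress.ip_network(prefix)
            return rule_net.version == announced.version and rule_net.overlaps(announced)
        if self.as_regex is not None:
            # The path is matched as a space-separated string, e.g. "65001 100 65002".
            path = " ".join(str(asn) for asn in as_path)
            return as_regex_to_python(self.as_regex).search(path) is not None
        return False

def apply_filter_list(rules: List[FilterRule], prefix: str, as_path: List[int]) -> bool:
    """Return True if the announcement passes the filter list, False if it is dropped."""
    matched = [rule for rule in rules if rule.matches(prefix, as_path)]
    if any(rule.action == "deny" for rule in matched):
        return False                # a matching Deny overrides any matching Permit
    return any(rule.action == "permit" for rule in matched)

if __name__ == "__main__":
    # Constructed "Filter In" list: accept only a customer range, never via AS100.
    rules = [FilterRule("deny", as_regex="_100_"),
             FilterRule("permit", network="203.0.113.0/24")]
    for prefix, path in [("203.0.113.0/25", [65001, 65002]),
                         ("203.0.113.0/25", [65001, 100, 65002]),
                         ("198.51.100.0/24", [65001])]:
        verdict = "accepted" if apply_filter_list(rules, prefix, path) else "dropped"
        print(f"{prefix:16} via {path}: {verdict}")
```

The second announcement is dropped because `_100_` matches AS100 in the middle of its path, and the third because no Permit rule covers it.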
The new filter list appears in the list on the Filter List page.
You can now use the filter list on a neighbor definition.