Current IP Filters in Scan Order workspace
The Current IP Filters in Scan Order workspace is used to display
IP filters beyond the first 500 IP Filters shown in the Current IP
Filters workspace. The filters are displayed in the order that the
stack would scan them to match them to packets.
One way to display the Current IP Filters in Scan Order workspace
is to do the following:
- Right-click the IP Filters navigator item for a specific TCP/IP stack.
- Select Workspaces and select the Current IP Filters link.
- Click the Link icon in the Current IP Filters In Scan Order Summary table and select Current
IP Filters in Scan Order. Rows of data are displayed that match
the scan order.
There can be tens of thousands of IP Filters. The query filter
implemented for this workspace retrieves up to 500 IP Filters at a
time.
The Tivoli Enterprise Portal displays 100 rows of IPSec Filters
at a time. Use the Tivoli Enterprise Portal scrolling controls or
change the page number at the top right of the table view to see the
remaining IP Filters from the current set of up to 500 IP Filters.
If more IP Filters exist beyond the set of 500 currently displayed,
a link named Current IP Filters In Scan Order By
Next Page will be provided in the right-click menu of
the Link icons for each row in the Current IP
Filters in Scan Order table view. Use this link to display each successive
group of 500 IP Filters. When no more IP Filters are available for
display, the link does not appear in the right-click menu. If you
have already used the Current IP Filters In Scan
Order By Next Page link to display additional IP Filters, another
link named Current IP Filters In Scan Order By Previous
Page can be used to return to the previous set of 500 IP Filters.
Summary information is displayed in the Current IP Filters Attributes Summary
table. See Current IP Filters in Scan Order Summary table for a list
of other workspaces that can be accessed by clicking the Link icon
in the Summary table.
The Current IP Filters in Scan Order workspace contains the following
views:
- Five Filters With Most Total Packets Matched:
Displays the five filters that have the highest number of total packets
that matched the filter's condition and action in the Current
IP Filters table.
- Five Filters With Most Total Packets Denied By
DENY: Displays the five filters that have the highest number
of total packets that matched the filter's condition and for
which the action was DENY.
- Five Filters With Most Total Packets Denied by
Mismatch: Displays the five filters that have the highest number
of total packets that matched the filter's condition but did
not match the filter's action (for example, if a packet was sent "in
the clear" but the action was coded as IPSec). This view can
provide an indication of a configuration problem such as packets flowing
in the clear when they should be encrypted.
- Current IP Filters in Scan Order Summary table:
Provides performance and configuration data about IP filters that
are grouped on the same logical page.
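The following added example is not part of the product documentation. It is a simplified Python model of first-match scanning in scan order and of the three counters ranked by the views above; the filter names, addresses, and packets are constructed, and only the clear-packet-against-IPSec mismatch case described above is modeled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Filter:                     # constructed model, not a product record layout
    name: str
    dest: str                     # destination network (CIDR)
    action: str                   # "PERMIT", "DENY" or "IPSEC"
    matched: int = 0
    denied_by_deny: int = 0
    denied_by_mismatch: int = 0

def scan(filters, dest_ip, protected):
    """Apply the first filter, in scan order, whose condition matches dest_ip."""
    addr = ipaddress.ip_address(dest_ip)
    for f in filters:
        net = ipaddress.ip_network(f.dest)
        if addr.version != net.version or addr not in net:
            continue              # condition not met, keep scanning
        if f.action == "DENY":
            f.denied_by_deny += 1
            return "denied by DENY"
        if f.action == "IPSEC" and not protected:
            f.denied_by_mismatch += 1   # clear packet, IPSec action
            return "denied by mismatch"
        f.matched += 1
        return "permitted"
    return "no filter matched"

def top_five(filters, counter):
    """Up to five filters with the highest non-zero value of one counter."""
    ranked = sorted(filters, key=lambda f: getattr(f, counter), reverse=True)
    return [(f.name, getattr(f, counter)) for f in ranked[:5] if getattr(f, counter)]

def demo():
    filters = [                   # constructed rules, listed in scan order
        Filter("ipsec-db", "10.1.2.0/24", "IPSEC"),
        Filter("deny-mgmt", "10.1.9.0/24", "DENY"),
        Filter("permit-10", "10.0.0.0/8", "PERMIT"),
        Filter("ipsec-10-1", "10.1.0.0/16", "IPSEC"),  # behind a broader rule
    ]
    packets = [("10.1.2.5", True), ("10.1.2.6", False), ("10.1.2.7", False),
               ("10.1.9.1", False), ("10.1.3.4", False), ("192.0.2.1", False)]
    results = [scan(filters, ip, prot) for ip, prot in packets]
    return filters, results

if __name__ == "__main__":
    filters, results = demo()
    print(results)
    print(top_five(filters, "denied_by_mismatch"))
```

In this model the ipsec-10-1 rule never counts a packet because permit-10 precedes it in scan order, so clear traffic to 10.1.3.4 is permitted rather than denied by mismatch.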
Current IP Filters in Scan Order Summary table
The Current IP Filters in Scan Order by Same Page Summary table
provides performance and configuration data about the IP filters that
are grouped on the same logical page. The filters are displayed in
the order that they would be scanned by the TCP/IP stack when it compares
them to packets.
For a complete list of the attributes available in the Current
IP Filters in Scan Order by Same Page Summary table, and a brief description
of each, see the Current IP Filters Attributes help panel.
The following additional workspaces can be accessed by clicking
the Link icon in the Current IP Filters in Scan
Order Summary table:
- Dynamic IP Tunnels by Filter Rule Definition Name workspace:
This link navigates to the Dynamic IP Tunnels by Filter Rule Definition
Name workspace and shows tunnels that have a Filter
Rule Definition Name that matches the name of the selected filter.
This is a conditional link and is displayed in the list of available
links only if the filter Type is DYNAMIC (4),
NATTDYN (6), or NRF (7).
- Dynamic IP Tunnels by Tunnel ID workspace:
This is a conditional link displayed in the list of available links
only if the filter Type is DYNAMIC (4), NATTDYN
(6), or NRF (7). This link navigates to the Dynamic IP Tunnels workspace
and shows tunnels that have a tunnel ID that matches the tunnel ID
associated with the selected filter.
- Manual IP Tunnels by Tunnel ID workspace:
This is a conditional link displayed in the list of available links
only if the filter Type is MANUAL (2). This link navigates to the
Manual IP Tunnels workspace and shows tunnels that have a tunnel
ID that matches the tunnel ID associated with the selected filter.
- The Current IP Filters In Scan Order By Previous
Page workspace: This conditional link is displayed in the list
of available links only if the page number for the selected link is
greater than 0. This link navigates to the Current IP Filters in
Scan Order workspace and shows the IP filters that have a page number
that is 1 less than the page number for the selected filter. If the
active filters have changed significantly between collection intervals
(for example, if the filter set in use was switched or a large number
of filters became inactive), this link will display a workspace with
no filters.
- Current IP Filters In Scan Order By Next Page
workspace: This conditional link is displayed in the list of
available links only if the page number for the selected link is less
than the value in the Last Page column of the selected row. This
link navigates to the Current IP Filters in Scan Order workspace and
shows the IP filters that have a page number that is 1 more than the
page number for the selected filter. If the active filters have changed
significantly between collection intervals (for example, if the filter
set in use was switched or a large number of filters became inactive),
this link might display a workspace with no filters.
- Current IP Filters By Destination Address (default):
This link causes a dialog box to be displayed that prompts you for
a destination IP address that is compared to the currently active
filters for a TCP/IP stack. The IP address input field in the dialog
box is filled in by default with the value from the Destination
Address column for the selected filter, but you can change this
value to be another IPv4 or IPv6 address found on this TCP/IP stack.
Specify an IP address that has the same IP address version as the
selected filter. If you specify an IPv6 address and the selected filter
has an IPv4 address, then the linked-to workspace will not find any
filters to display. With this address as input, this link navigates
to the Current IP Filters By Destination Address workspace showing
the IP filters that match the destination IP address that you provided.
Note that if the Destination Address column
in the Summary table is blank, the IP address input field in the dialog
box is filled with an IP address that has a value of zero (0) for
all subnets in the address.