Views:
The Reputation filters table displays the available Reputation and Geographic filters. The filters are in precedence order so as to resolve overlapping criteria.
To access the table, select Profiles > Inspection Profiles > [Profile Name] > Reputation/Geo and select the Filters and Settings tab.
Column Definition
Order Displays the order number and precedence in which the filter is applied in the Reputation engine. By default, the Reputation and Geographic filters display in the order in which they were created.
The Reputation engine matches the first filter, applies the selected action, and does not apply additional filters listed in the Reputation Filters table.
State Displays whether a filter is active. A check mark indicates that the filter is active and can be distributed to a device.
Locked Determines whether a filter can be edited.
Action Determines what occurs when traffic matches a filter. Learn more: Learn more about actions.
IPv4 Indicates whether the entry type has an IPv4 address.
IPv6 Indicates whether the entry type has an IPv6 address.
Domain names Indicates whether the filter will match domains in a DNS request, an HTTP URI, or a TLS SNI. For HTTP URI, HTTP Context must be enabled on the profile detail dialog box. DNS requests can only be seen and enforced if the device is between the client and the DNS server.
To match subdomains, domain wildcards are supported. The top-level domain cannot be a wildcard. The following examples show valid domain wildcards:
  • *.org matches all .org domains
  • *.bad.com matches all subdomains of bad.com, such as this.bad.com
Note
Note
A domain wildcard must be the leftmost character in the domain and must be followed by a period (.). The following examples are not valid domain wildcards:
  • b.*.com
  • *b.com
File Hash Indicates whether the filter matches a file hash.
URL Indicates whether the filter matches a URL. To block all URLs from that server, type a single wildcard string ( \* ) after the domain name. For example, http://badwebsite.com/\*
Note
Note
Because the * character is a valid URL character, URL wildcards must be escaped with a bakslash (\).
Untagged/Tagged Untagged: A checkmark indicates that the Reputation filter will match all entries in the Reputation Database that do not have tags.
Tagged: A checkmark indicates that the Reputation filter will match all entries in the Reputation Database that have tags and will filter the entries by the criteria defined for the filter.
Criteria Criteria used for the selected filter based on tagged Reputation Database entries.
A Geographic filter will display the evaluation (inclusion or exclusion), country icon (if available), and the official name of the selected country, sorted in alphabetical order.
If a Geographic filter has an exclusion, Any displays to indicate that every other country in the database is included.