Filter Types

This topic applies to both ViPNet Coordinator and ViPNet Client.

1. Broadcast Filter

<Broadcast IP packets for all protected hosts> in the Private Network defines the filtering rules for all encrypted broadcast packets.

<Non-encrypted broadcast IP packets> in the Public Network defines the rules for all non-encrypted broadcast packets.

Broadcast filters pass:

nbname (port 137) and nbsession (port 138) broadcast IP packets, which organize the NetBIOS service (defining network names).
bootp (67 and 68 ports) broadcast IP packets, which allow the DHCP service to receive the IP address of a computer when it's loading.
iplirdatagram (port 2046) broadcast IP packets, which assist ViPNet network functioning (broadcast IP packets for all protected hosts filter in the Private Network window only).

Note: The operation of broadcast filters isn't influenced by the settings of other filters.

2. Main Filter

<All IP packets> in the Private Network defines the general filtering rule for all ViPNet users.

<All unregistered IP addresses> in the Public Network defines the general filtering rule for all non-encrypted IP packets (those related to unregistered IP addresses). By default, the <All unregistered IP addresses> filter blocks all unregistered IP packets, except the following:

incoming UDP packets with ports 138 (own and other) from all unregistered IP addresses. This means, if a computer with ViPNet software works as a master browser, other computers in the local network without ViPNet software won't lose access to shared folders in the local network. If security level 3 is set, this filter provides this service.
incoming and outgoing ICMP packets with type 3 and code 4 for all unregistered IP addresses. This filter is necessary for the correct operation of computers with network hardware equipment (eg, some DSL modems, Wireless devices), on which the MTU (Maximum Transmission Unit) value can be set less than standard one for Ethernet.

3. Individual Filter

This filter is used for a specific ViPNet user from the Private Network. You can create filters for each ViPNet node by right-clicking the node and selecting Access Rules > Add protocol filter from the pop-up menu. Individual filters are displayed under the user's name in the Private Network list.

This filter is also used for a specific address or address range in the Public Network.

4. Network Adapter Filter (Interface Filter used for Coordinator Only)

For the Public Network, this filter defines a general filtering rule for all open IP packets (outgoing and incoming) passing through this network interface. The filter name contains the IP address and name of the corresponding network adapter.

5. Protocol Filter

This filter defines a filtering rule for IP packets based on their IP address, protocol and selected protocol parameters (eg. port numbers, transmission direction). The Protocol filter can be created as a second-level filter for one of the above filter types.

6. Microsoft SQL Filter

This filter can be used when ViPNet Coordinator is installed on a Microsoft SQL Server to limit ViPNet user access to the SQL Server, or to prevent undesirable incoming information. The filter uses the TDS protocol (a special data transfer protocol for MS SQL data transmission). Microsoft SQL filter is a second-level filter for a first-level individual filter in the Private Network.

Note: Filter types 1, 2, 3 and 4 are first-level filters. Filter types 5 and 6 are second-level filters.