To add a traffic interception exclusion, run the following command:
kesl-control --add-bypass-endpoints --direction <in|out> --remote-ip <remote IP address> --dst-port <destination port>
where:
<in|out> is the direction of traffic in the excluded connection. You can configure an exclusion for inbound traffic or for outbound traffic.<remote IP address> is the IPv4 or IPv6 address of the remote device. Depending on the traffic direction, traffic coming from the specified IP address (exclusion for inbound traffic) or traffic going to the specified IP address (exclusion for outgoing traffic) is excluded.<destination port>, depending on traffic direction:In an exclusion, you may specify an IP address of the remote device without a port or a destination port without an IP address.
If you specify only the IP address of the remote device in an exclusion for inbound traffic (without specifying a port on the protected device), all traffic from the remote device is excluded from interception. We recommend configuring this exclusion only for traffic from devices that you trust.
To view the list of configured traffic interception exclusions, run the following command:
kesl-control --list-bypass-endpoints
The following information is displayed for each exclusion: