Firewall Analyzer includes the option to specify networks, or a range of IP addresses to identify machines behind a firewall. This setup is identified as the Intranet. By adding the machines or IP addresses that are located within your network (LAN), you can identify and distinguish between traffic that is generated within your network, and traffic that is coming from, or destined outside your network.
Click the Settings > Admin > Exclude Hosts. The page contains the 'Configure all devices' link menu option. It lists all the hosts for each firewall device, that have been configured to be excluded from Firewall Analyzer reports. The table in the page lists the Device Name (names of the devices being monitored), Exclude Hosts (the IP Network, IP Range, IP Address).
Click the 'Configure all devices' link menu option to exclude hosts for all the devices. Click the each listed firewall, would enable you to configure the (intranet) private Network or IP Range or IP Address for each firewall.
The Configure Exclude Hosts page opens up. There is a provision to configure 'exclude hosts' for individual device, a group of devices, and all the devices.
Select the devices, for which you want to define the Intranet. All the available devices are listed in the Available Device(s) list. Select the devices and click right arrow. The selected devices are moved to the Selected Device(s) list. If you want to remove any device from the Selected Device(s) list, select the devices and click left arrow. The removed devices will be moved back to the Available Device(s) list.
Select a group of devices. You can also select a single device or all the devices from this screen. Click Save button to complete the device selection and click Cancel button to cancel the selection.
You can specify multiple intranet by clicking the Add More button and remove the additional intranet with Delete button.
Try to give minimum ranges/networks as much as possible.
For Example : If you have three private IP Network (say) 10.8.0.0, 10.9.0.0, and 10.10.0.0, each with Net Mask: 255.255.0.0, then instead of adding them separately, we would recommend you to give the entire private IP network : 10.0.0.0 with Net Mask 255.0.0.0, as this would improve the performance of Firewall Analyzer. The same is recommended for IP Range also, where you can mention Start IP: 10.0.0.0, End IP: 10.255.255.255 and this is applicable to Class B & Class C networks also.
For instance, if your are a MSSP (Managed Security Service Provider) who is monitoring firewalls of different client networks at different locations and all your clients could possibly end up with the same (intranet) private Network or IP Range or IP Address, then Configure all devices would serve the purpose of applying the common configuration across All Devices.
Once you are done, click Save to activate the new settings and click Cancel button to cancel the operation.