Working with Network Access Scopes in Network Access Analyzer - Amazon Virtual Private Cloud

With Network Access Analyzer, you can specify your network access requirements by using Network Access Scopes. A Network Access Scope defines outbound and inbound traffic patterns, including sources, destinations, paths, and traffic types. Each Network Access Scope consists of one or more match conditions, and zero or more exclude conditions.

When you start an analysis on a Network Access Scope, Network Access Analyzer produces findings. It identifies network paths in the Network Access Scope that match at least one of the match conditions, and none of the exclude conditions. By combining match and exclude conditions, you can refine the findings produced by Network Access Analyzer to identify unexpected connectivity in your network.

Match and exclude conditions have similar structures. They consist of resource statements and packet header statements that specify the network traffic to match or exclude.
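
The following is an added example, not part of the AWS documentation or the service's own code: a simplified Python model of the rule that a finding is a path matching at least one match condition and none of the exclude conditions. The scope uses the `MatchPaths`/`ExcludePaths`, `ResourceStatement` and `PacketHeaderStatement` field names from the EC2 API; the path records, resource IDs and helper functions are assumptions made for illustration.

```python
# Added example: a simplified model of match/exclude evaluation, not the AWS engine.
# The scope uses the EC2 API field names; the path records are constructed samples.
IGW, ENI = "AWS::EC2::InternetGateway", "AWS::EC2::NetworkInterface"

SCOPE = {
    # Match: any path from an internet gateway to a network interface.
    "MatchPaths": [{
        "Source": {"ResourceStatement": {"ResourceTypes": [IGW]}},
        "Destination": {"ResourceStatement": {"ResourceTypes": [ENI]}},
    }],
    # Exclude: the expected exposure, HTTPS to the (hypothetical) web interface.
    "ExcludePaths": [{
        "Source": {"ResourceStatement": {"ResourceTypes": [IGW]}},
        "Destination": {
            "ResourceStatement": {"Resources": ["eni-web-EXAMPLE"]},
            "PacketHeaderStatement": {"Protocols": ["tcp"], "DestinationPorts": ["443"]},
        },
    }],
}

def path(name, src_type, dst_id, port):
    """Build a constructed candidate path (hypothetical record format)."""
    return {"name": name, "source": {"type": src_type, "id": "src-EXAMPLE"},
            "destination": {"type": ENI, "id": dst_id},
            "packet": {"protocol": "tcp", "dst_port": port}}

PATHS = [
    path("igw->web:443", IGW, "eni-web-EXAMPLE", "443"),
    path("igw->web:22", IGW, "eni-web-EXAMPLE", "22"),
    path("igw->db:5432", IGW, "eni-db-EXAMPLE", "5432"),
    path("vpce->web:443", "AWS::EC2::VPCEndpoint", "eni-web-EXAMPLE", "443"),
]

def statement_matches(stmt, endpoint, packet):
    """A field that is absent places no constraint (assumption of this model)."""
    rs, ph = stmt.get("ResourceStatement", {}), stmt.get("PacketHeaderStatement", {})
    checks = [(rs.get("ResourceTypes"), endpoint["type"]), (rs.get("Resources"), endpoint["id"]),
              (ph.get("Protocols"), packet["protocol"]), (ph.get("DestinationPorts"), packet["dst_port"])]
    return all(allowed is None or value in allowed for allowed, value in checks)

def condition_matches(cond, p):
    return all(statement_matches(cond.get(side, {}), p[side.lower()], p["packet"])
               for side in ("Source", "Destination"))

def findings(scope, paths):
    """Paths matching at least one match condition and none of the exclude conditions."""
    return [p["name"] for p in paths
            if any(condition_matches(c, p) for c in scope["MatchPaths"])
            and not any(condition_matches(c, p) for c in scope.get("ExcludePaths", []))]
```

With the exclude condition in place, only the SSH and database paths from the internet gateway remain as findings; dropping `ExcludePaths` also reports the expected HTTPS path.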