Access Control List (ACL)

VAS EXPERTS DPI allows to implement “smart” Access Control Lists (ACL). Unlike traditional network ACLs that define service ports or domain names on a third-tier OSI, access to which is allowed or denied, VAS EXPERTS DPI manages traffic up to the 7th level of OSI. This means that one can restrict or allow access to certain services, applications, resources for specific users or groups of users.

  • Operation on all levels of OSI according to the DPI technology.
  • Flexible configuration of access rules.
  • “White lists” for the subscribers.
  • Organization of Captive Portal (CP).


Examples of Use

‣ Subscriber access control with zero balance

When the subscriber has run out of funds on the account, their access to Internet resources is restricted until the balance is refilled. However, in order to refill, URLs and protocols of payment systems and online banks are entered in the white lists. Also, the provider can grant access to its own site, internal network resources, certain social networks and other resources, to which it is willing to grant access at no cost.

‣ Subscriber Identification in Wi-Fi Network

Stiffening of access rules through public Wi-Fi access points to the carrier’s network has made it necessary to identify the subscriber in one of these ways: by phone number, passport data of portal of state services. VAS EXPERTS DPI allows identification through access code that the subscriber gets on their mobile phone in SMS.


Access control at all OSI layers Access Control on All OSI Levels

DPI platform analyses all passing through packets up to OSI 7th level, and not only by standard ports numbers. Using signature and statistical analysis, one can define such app as P2P, IM, Email, VOIP, streaming video, gaming traffic, encrypted data, and configure access rules for each of them or any other network resource.

Access White Lists White Access Lists

The white list allows to restrict access to the sites and pages available to the subscriber, and redirects him or her to the specified page when trying to go beyond this list.

Создание Captive Portal (CP) Creation of Captive Portal (CP)

CP in the carrier’s network is used to provide the subscriber with the opportunity to refill the balance when funds on the account have run out. Access to the Internet is limited to sites of payment systems and banks, and work on the white list of sites is combined with limiting of the work on the list of protocols.

Flexible configuration of access rules Flexible Configuration of Access Rules

The carrier can combine white and black lists to allow or block access to certain resources (or even a resources pool) for an individual user or group of users. For example, list of resources restricted for a school..