Expand my Community achievements bar.

Join us at Adobe Summit 2024 for the Coffee Break Q&A Live series, a unique opportunity to network with and learn from expert users, the Adobe product team, and Adobe partners in a small group, 30 minute AMA conversations.
SOLVED

Exclude internal employee traffic by VPN

Avatar

Level 2

Is it possible to exclude internal employee traffic by VPN? We have employees in a few states and countries and don't want their data included in our report suites. The knowledge base says you can exclude by cookie, IP address, and firewall, but nothing about VPN? Is it possible to configure this within the analytics UI, or do I need to go through your engineering services? If engineering service can do it, is there a number you can supply for that team? Thanks. 

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

When a user connects via VPN, the public (external) IP of the user changes to one of that provided by the organization. This is similar to that of a user actually being present in the organization's network.

You can get the list of public IP addresses of your organization where your team sits or connects to via VPN, and put them in the Exclude by IP tool.

View solution in original post

9 Replies

Avatar

Level 7

You would simply enter the IP address(es) given to the user on the VPN connection in to the exclude by IP section of Admin. Usually they are the same IP addresses as given to users when connected to the network from a business location.

Avatar

Correct answer by
Employee Advisor

When a user connects via VPN, the public (external) IP of the user changes to one of that provided by the organization. This is similar to that of a user actually being present in the organization's network.

You can get the list of public IP addresses of your organization where your team sits or connects to via VPN, and put them in the Exclude by IP tool.

Avatar

Level 6

My thoughts are rather than exclude your VPN traffic from being recorded because once the data is gone it's gone for good. is to work with Adobe to setup a vista rule for those IP addresses and either send them to another report suite. we used 'ipex' for ip exclusion' in the name so we had production and production ipex. but thinking more about it and how far segmentation has come we changed our rule a couple of years ago to set a prop for internal vs external users of our web site. since our internal users are to some point users and sometimes purchasers etc so it was better to keep all the data together and then segment it out.

with virtual report suites it's even better. Get the vista rule created to set a prop (or evar) based on the internal ip addresses and then you have the report suite (say production) with ALL your data. create a virtual report suite and exclude your internal traffic 'product exclude internal traffic' and another report suite called 'production internal traffic only' then you have the best of all worlds.

Yes you have to pay for the internal server calls and for the vista rule but we found less than 1% of our traffic was internal and we have enough of a cushion on server calls to handle that 1%. No data is lost or discarded. The VISTA rule only cost a couple of thousand dollars to implement and I don't think there is a yearly maintenance cost. And we only have to update it if we add/remove IP addresses on our internal list. 

Again once you exclude data you can't get it back (or if you can Adobe will charge you a lot more than setting up a VISTA rule for IP exclusion or setting a variable). Yes it will take longer to update the IP list in the VISTA rule but if you have actual data you want to exclude (DOS attack etc) you will probably do that via your network engineers at the server level rather than at the analytics level. But you should be able to get Adobe engineering to update the rule quickly. They might even set things up to allow you to update the IP address list (Never asked them this and don't know if it's possible but usually most things are possible, they just haven't been asked for or investigated.

Avatar

Employee Advisor

@Warren, fantastic advice.

Also there is a way of creating a DB VISTA Rule, where the user can update/modify the IP addresses that the VISTA rule works on, without the interference of Adobe ClientCare or Consulting. The initial setup does require engaging the Adobe Consulting.