Hello,
There are different possibilities:
- 1/ Ask your network team to send you only outbound network packets. This will prevent your Web Prevent from capturing and analyzing unexpected flows.
- 2/ Use an L7 filter to capture only flows coming from or going to the next network hop (in the right way). Many times you will receive some network packets which are routed to other equipment after DLP. So you can avoid capturing packets going to this one.
- 3/ In your DLP policy (but if you could do it there, you could do it at L7 level), add an exception for messages coming from this network equipment's IP address.
- 4/ If this equipment does not exist, you should have some IP addresses as source for outbound requests and some URL domains for inbound requests. So keep only the ones with IP addresses.
We could imagine other ways to do it depending on your client architecture. But from my point of view the best way is the first one if the network team is efficient; the second one is the best if you want to keep control at the DLP level; the third one is only useful if you want to have some policies on outbound and some on inbound traffic.
Regards