Network Monitor policies triggering on inbound SMTP
I have a network monitor using WinPcap to monitor a span port on a switch connected to the firewall. The network monitor can see all traffic outbound as well as inbound. Is there a network monitor configuration to to tell the monitor to just look at outbound traffic? I have searched the Admin guide,Symantec Connect, and the Symantec/Vontu DLP KB with no results.
Does anyone have any suggestions?