User's Manual

196 | IPv6 Support Dell Networking W-Series ArubaOS 6.4.x| User Guide
• For Session Idle Timeout, enter 60
3. Click Apply.
To configure firewall functions using the command line interface, issue the following commands in config
mode:
ipv6 firewall attack-rate ping 15
ipv6 firewall attack-rate session 25
ipv6 firewall session-idle-timeout 60
Understanding Firewall Policies
A user role, which determines a client’s network privileges, is defined by one or more firewall policies. A firewall
policy consists of rules that define the source, destination, and service type for specific traffic, and whether you
want the controller to permit or deny traffic that matches the rule.
You can configure firewall policies for IPv4 traffic or IPv6 traffic, and apply IPv4 and IPv6 firewall policies to the
same user role. For example, if you have employees that use both IPv4 and IPv6 clients, you can configure
both IPv4 and IPv6 firewall policies and apply them both to the “employee” user role.
The procedure to configure an IPv6 firewall policy rule is similar to configuring a firewall policy rule for IPv4
traffic, but with some differences. Table 18 describes the required and optional parameters for an IPv6 firewall
policy rule.
Field / Description

Source (required)
  Source of the traffic:
  • any: Acts as a wildcard and applies to any source address.
  • user: This refers to traffic from the wireless client.
  • host: This refers to traffic from a specific host. When this option is chosen, you must
    configure the IPv6 address of the host. For example,
    2002:d81f:f9f0:1000:c7e:5d61:585c:3ab.
  • network: This refers to traffic that has a source IP from a subnet of IP addresses.
    When you choose this option, you must configure the IPv6 address and network mask of
    the subnet. For example, 2002:ac10:fe:: ffff:ffff:ffff::.
  • alias: This refers to using an alias for a host or network.
  NOTE: This release does not support IPv6 aliases. You cannot configure an alias for an IPv6
  host or network.

Destination (required)
  Destination of the traffic, which you can configure in the same manner as Source.

Service (required)
  NOTE: Voice over IP services are unavailable for IPv6 policies.
  Type of traffic:
  • any: This option specifies that this rule applies to any type of traffic.
  • tcp: Using this option, you configure a range of TCP port(s) to match the rule to be
    applied.
  • udp: Using this option, you configure a range of UDP port(s) to match the rule to be
    applied.
  • service: Using this option, you use one of the pre-defined services (common protocols
    such as HTTPS, HTTP, and others) as the protocol to match the rule to be applied. You
    can also specify a network service that you configure by navigating to the
    Configuration > Advanced Services > Stateful Firewall > Network Services page.
  • protocol: Using this option, you specify a different layer 4 protocol (other than
    TCP/UDP) by configuring the IP protocol value.

Action (required)
  The action that you want the controller to perform on a packet that matches the specified
  criteria.

Table 34: IPv6 Firewall Policy Rule Parameters
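
As an added illustration that is not part of the original guide or of ArubaOS, the Python below validates a rule's fields as the table describes them (including the address-style network mask and the unsupported alias option) and tests packets against the rule. The spec strings ("network ADDR MASK", "tcp LOW [HIGH]"), the function names and the client list passed to the matcher are assumptions made for this example, not ArubaOS CLI syntax; named services are left out.

```python
import ipaddress

def mask_to_prefixlen(mask):
    """Turn an address-style mask such as ffff:ffff:ffff:: into a prefix length."""
    host_bits = int(ipaddress.IPv6Address(mask)) ^ ((1 << 128) - 1)
    if host_bits & (host_bits + 1):  # host bits must be one trailing run of ones
        raise ValueError(f"non-contiguous network mask: {mask}")
    return 128 - host_bits.bit_length()

def parse_endpoint(spec):
    """Source/Destination field: any | user | host ADDR | network ADDR MASK."""
    kind, *args = spec.split()
    if kind == "alias":  # the table's NOTE: no IPv6 aliases in this release
        raise ValueError("IPv6 aliases are not supported")
    if spec in ("any", "user"):  # user = address of a wireless client
        return lambda addr, clients, anyone=(spec == "any"): anyone or addr in clients
    if kind == "host" and len(args) == 1:
        return lambda addr, clients, h=ipaddress.IPv6Address(args[0]): addr == h
    if kind == "network" and len(args) == 2:
        net = ipaddress.IPv6Network((args[0], mask_to_prefixlen(args[1])), strict=False)
        return lambda addr, clients: addr in net
    raise ValueError(f"invalid source/destination: {spec}")

def parse_service(spec):
    """Service field: any | tcp LOW [HIGH] | udp LOW [HIGH] | protocol NUMBER."""
    kind, *args = spec.split()
    if spec == "any":
        return lambda proto, port: True
    if kind in ("tcp", "udp") and len(args) in (1, 2):
        number, low, high = {"tcp": 6, "udp": 17}[kind], int(args[0]), int(args[-1])
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port range: {spec}")
        return lambda proto, port: proto == number and low <= port <= high
    if kind == "protocol" and len(args) == 1:
        return lambda proto, port, n=int(args[0]): proto == n
    raise ValueError(f"invalid service: {spec}")

def compile_rule(source, destination, service, action):
    """Validate one rule; return (action, matcher(src, dst, proto, port, clients))."""
    if action not in ("permit", "deny"):
        raise ValueError(f"invalid action: {action}")
    m_src, m_dst, m_svc = parse_endpoint(source), parse_endpoint(destination), parse_service(service)
    def matcher(src, dst, proto, port, clients=()):
        src, dst, *users = map(ipaddress.IPv6Address, (src, dst, *clients))
        return m_src(src, users) and m_dst(dst, users) and m_svc(proto, port)
    return action, matcher
# Constructed sample: wireless clients may reach HTTPS in the table's example subnet.
CLIENT = "2002:d81f:f9f0:1000:c7e:5d61:585c:3ab"
ACTION, MATCH = compile_rule("user", "network 2002:ac10:fe:: ffff:ffff:ffff::", "tcp 443", "permit")
```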