User's Manual

367 | Roles and Policies Dell Networking W-Series ArubaOS 6.4.x| User Guide
Field Description
- dst-nat: Destination IP changes to the IP configured from the NAT pool. This action functions in bridge/split-tunnel forwarding mode. The user should configure the NAT pool in the controller.
- src-nat: Source IP changes to the RAP's external IP. This action functions in bridge/split-tunnel forwarding mode and uses the implied NAT pool.

Log (optional): Logs a match to this rule. This is recommended when a rule indicates a security breach, such as a data packet on a policy that is meant only to be used for voice calls.

Mirror (optional): Mirrors session packets to datapath or remote destination.

Queue (optional): The queue in which a packet matching this rule should be placed. Select High for higher priority data, such as voice, and Low for lower priority traffic.

Time Range (optional): Time range for which this rule is applicable. Configure time ranges on the Configuration > Security > Access Control > Time Ranges page.

Pause ARM Scanning (optional): Pause ARM scanning while traffic is present. Note that you must enable “VoIP Aware Scanning” in the ARM profile for this feature to work.

Black List (optional): Automatically blacklists a client that is the source or destination of traffic matching this rule. This option is recommended for rules that indicate a security breach, where blacklisting can be used to deny access to clients that are attempting to breach security.

White List (optional): A rule must explicitly permit a traffic session before it is forwarded to the controller. The last rule in the white list denies everything else. Configure white list ACLs on the Configuration > Advanced Services > Stateful Firewall > White List (ACL) page.

TOS (optional): Value of type of service (TOS) bits to be marked in the IP header of a packet matching this rule when it leaves the controller.

802.1p Priority (optional): Value of 802.1p priority bits to be marked in the frame of a packet matching this rule when it leaves the controller.
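
The table recommends the Log option for rules that indicate a security breach. As an added example (not part of the manual), the Python check below scans a controller configuration for deny rules that lack it. The `ip access-list session` rule layout, the sample policies and the function names are assumptions of this example.

```python
import re

# Constructed sample, not taken from the manual. Assumed rule layout:
#   <source> <destination> <service> <action> [options]
SAMPLE_CONFIG = """\
ip access-list session voice-only
  any any svc-sip-udp permit queue high
  any any any deny
!
ip access-list session web-only
  any any svc-http permit
  any any svc-https permit
!
ip access-list session quarantine
  user any any deny log blacklist
!
"""

ACTIONS = {"permit", "deny"}  # only the actions this check needs to recognise


def parse_policies(config):
    """Return {policy_name: [(action, options, raw_rule), ...]}."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"ip access-list session (\S+)", line)
        if header:
            current = policies.setdefault(header.group(1), [])
        elif line.strip() == "!":
            current = None  # "!" closes the policy block
        elif current is not None and line.strip():
            tokens = line.split()
            # Source, destination and service may span several tokens, so
            # locate the action keyword; everything after it is an option.
            idx = next((i for i, t in enumerate(tokens) if t in ACTIONS), None)
            if idx is not None:
                current.append((tokens[idx], set(tokens[idx + 1:]), line.strip()))
    return policies


def unlogged_denies(config):
    """List (policy, rule) pairs for deny rules that lack the log option."""
    return [(name, raw)
            for name, rules in parse_policies(config).items()
            for action, opts, raw in rules
            if action == "deny" and "log" not in opts]


if __name__ == "__main__":
    for policy, rule in unlogged_denies(SAMPLE_CONFIG):
        print(f"{policy}: deny rule without log -> {rule}")
```
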
The following example creates a policy ‘web-only’ that allows web (HTTP and HTTPS) access.
In the WebUI
1. Navigate to the Configuration > Security > Access Control > Policies page on the WebUI.
2. To configure a firewall policy, select the policy type from the Policies title bar. You can select All, IPv4 Session, IPv6 Session, Ethernet, MAC, Standard or Extended.
3. Click Add to create a new policy.
4. If you selected All in Step 2, then select the type of policy you are adding from the Policy Type drop-down menu.
5. Click Add to add a rule that allows HTTP traffic.
   a. Under Service, select service from the drop-down list.
   b. Select svc-http from the scrolling list.
   c. Click Add.
6. Click Add to add a rule that allows HTTPS traffic.