Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200

211

212

213

214

215

216

217

218

219

220

219 | IPv6 Support Dell Networking W-Series ArubaOS 6.4.x| User Guide

Parameter Description

Session Mirror

Destination

Destination (IPv4 address or controller port) to which mirrored session packets

are sent. You can configure IPv6 flows to be mirrored with the session ACL

“mirror” option. This option is used only for troubleshooting or debugging.

Default: N/A

Session Idle Timeout Set the time, in seconds, that a non-TCP session can be idle before it is removed

from the session table. Specify a value in the range 16–259 seconds. You should

not set this option unless instructed to do so by a Dell representative.

Default: 30 seconds

Per-packet Logging Enables logging of every packet if logging is enabled for the corresponding

session rule. Normally, one event is logged per session. If you enable this option,

each packet in the session is logged. You should not enable this option unless

instructed to do so by a Dell representative, as doing so may create unnecessary

overhead on the controller.

Default: Disabled (per-session logging is performed)

IPv6 Enable Enables IPv6 globally.

Table 39: IPv6 Firewall Parameters

The following examples configure attack rates and the session timeout for IPv6 traffic.

To configure the firewall function via the WebUI:

1. Navigate to the Configuration > Advanced Services > Stateful Firewall > Global Setting page.

2. Under the IPv6 column, enter the following:

l For Monitor Ping Attack, enter 15

l For Monitor IP Session Attack, enter 25

l For Session Idle Timeout, enter 60

3. Click Apply.

To configure firewall functions using the command line interface, issue the following commands in config

mode:

ipv6 firewall attack-rate ping 15

ipv6 firewall attack-rate session 25

ipv6 firewall session-idle-timeout 60

Understanding Firewall Policies

A user role, which determines a client’s network privileges, is defined by one or more firewall policies. A firewall

policy consists of rules that define the source, destination, and service type for specific traffic, and whether you

want the controller to permit or deny traffic that matches the rule.

You can configure firewall policies for IPv4 traffic or IPv6 traffic, and apply IPv4 and IPv6 firewall policies to the

same user role. For example, if you have employees that use both IPv4 and IPv6 clients, you can configure

both IPv4 and IPv6 firewall policies and apply them both to the “employee” user role.

The procedure to configure an IPv6 firewall policy rule is similar to configuring a firewall policy rule for IPv4

traffic, but with some differences. Table 18 describes the required and optional parameters for an IPv6 firewall

policy rule.