Users Guide

Field Description
Source (required)
Source of the traffic:
• any: Acts as a wildcard and applies to any source address.
• user: This refers to traffic from the wireless client.
• host: This refers to traffic from a specific host. When you choose this option, you must configure the IPv6 address of the host. For example, 2002:d81f:f9f0:1000:c7e:5d61:585c:3ab.
• network: This refers to traffic whose source IP address belongs to a subnet of IP addresses. When you choose this option, you must configure the IPv6 address and network mask of the subnet. For example, 2002:ac10:fe:: ffff:ffff:ffff::.
• alias: This refers to using an alias for a host or network.
NOTE: This release does not support IPv6 aliases. You cannot configure an alias for an IPv6 host or network.
Destination (required)
Destination of the traffic, which you can configure in the same manner as Source.
Service (required)
NOTE: Voice over IP services are unavailable for IPv6 policies.
Type of traffic:
• any: This option specifies that this rule applies to any type of traffic.
• tcp: With this option, you configure a range of TCP ports that traffic must match for the rule to be applied.
• udp: With this option, you configure a range of UDP ports that traffic must match for the rule to be applied.
• service: With this option, you use one of the predefined services (common protocols such as HTTPS, HTTP, and others) as the protocol that traffic must match for the rule to be applied. You can also specify a network service that you configure by navigating to the Configuration > Advanced Services > Stateful Firewall > Network Services page.
• protocol: With this option, you specify a different layer 4 protocol (other than TCP/UDP) by configuring the IP protocol value.
Action (required)
The action that you want the controller to perform on a packet that matches the specified criteria.
• permit: Permits traffic matching this rule.
• drop: Drops packets matching this rule without any notification.
NOTE: The only actions for IPv6 policy rules are permit or deny; in this release, the controller cannot perform network address translation (NAT) or redirection on IPv6 packets. You can specify options such as logging, mirroring, or blacklisting (described below).
Log (optional)
Logs a match to this rule. This is recommended when a rule indicates a security breach, such as a data packet on a policy that is meant only to be used for voice calls.
Mirror (optional)
Mirrors session packets to a datapath or remote destination specified in the IPv6 firewall function (see “Session Mirror Destination” in Table 39). If the destination is an IP address, it must be an IPv4 IP address.
Table 40: IPv6 Firewall Policy Rule Parameters
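
The following Python example is added here to show how the Source, Destination, Service and Action fields of Table 40 combine when you review a rule offline; it is not Dell or ArubaOS code. The tuple encodings, function names and sample rule are assumptions made for illustration, the port range is assumed to apply to the destination port, and the user, alias and service options are left out.

```python
import ipaddress

TCP, UDP = 6, 17  # IANA IP protocol numbers

def mask_to_prefixlen(mask):
    """Convert a mask written as an IPv6 address (ffff:ffff:ffff::) to a prefix length."""
    inverted = int(ipaddress.IPv6Address(mask)) ^ ((1 << 128) - 1)
    # A valid mask is ones followed by zeros, so inverted + 1 must be a power of two.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous IPv6 mask: {mask}")
    return 128 - inverted.bit_length()

def addr_matches(spec, addr):
    """spec (assumed encoding): ("any",), ("host", ip) or ("network", ip, mask)."""
    kind, ip = spec[0], ipaddress.IPv6Address(addr)
    if kind == "any":
        return True
    if kind == "host":
        return ip == ipaddress.IPv6Address(spec[1])
    if kind == "network":
        plen = mask_to_prefixlen(spec[2])
        return ip in ipaddress.IPv6Network(f"{spec[1]}/{plen}", strict=False)
    raise ValueError(f"unsupported address type: {kind}")

def service_matches(spec, proto, dport=None):
    """spec (assumed encoding): ("any",), ("tcp", lo, hi), ("udp", lo, hi), ("protocol", n)."""
    kind = spec[0]
    if kind == "any":
        return True
    if kind in ("tcp", "udp"):
        want = TCP if kind == "tcp" else UDP
        return proto == want and dport is not None and spec[1] <= dport <= spec[2]
    if kind == "protocol":
        return proto == spec[1]
    raise ValueError(f"unsupported service type: {kind}")

def rule_action(rule, pkt):
    """Return the rule's action when all three required fields match, else None."""
    if (addr_matches(rule["source"], pkt["src"])
            and addr_matches(rule["destination"], pkt["dst"])
            and service_matches(rule["service"], pkt["proto"], pkt.get("dport"))):
        return rule["action"]
    return None

# Constructed rule built from the example addresses in the table above.
RULE = {"source": ("network", "2002:ac10:fe::", "ffff:ffff:ffff::"),
        "destination": ("host", "2002:d81f:f9f0:1000:c7e:5d61:585c:3ab"),
        "service": ("tcp", 443, 443), "action": "permit"}
```

Running a rule through `rule_action` with packets just inside and just outside the configured subnet is a quick way to confirm that a mask such as ffff:ffff:ffff:: covers the range you intended before the rule is deployed.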
Dell Networking W-Series ArubaOS 6.4.x | User Guide IPv6 Support | 220