Table of Contents
Advertisement
Managing Inbound Traffic
Instant now supports an enhanced inbound firewall by allowing the configuration of firewall rules and
management subnets, and restricting corporate access through an uplink switch.
To allow flexibility in firewall configuration, Instant supports the following features:
Inbound firewall rules
l
Configurable management subnets
l
Restricted corporate access
l
Configuring Inbound Firewall Rules
You can now configure firewall rules for the inbound traffic coming through the uplink ports of an IAP. The
rules defined for the inbound traffic are applied if the destination is not a user connected to the IAP. If the
destination already has a user role assigned, the user role overrides the actions or options specified in the
inbound firewall configuration. However, if a deny rule is defined for the inbound traffic, it is applied
irrespective of the destination and user role. Unlike the ACL rules in a WLAN SSID or a wired profile, the
inbound firewall rules can be configured based on the source subnet.
For all subnets, a deny rule is created by default as the last rule. If at least one rule is configured, the deny all
rule is applied to the upstream traffic by default.
Management access to the IAP is allowed irrespective of the inbound firewall rule. For more information on
configuring restricted management access, see
The inbound firewall is not applied to traffic coming through the GRE tunnel.
You can configure inbound firewall rules through the Instant UI or the CLI.
In the Instant UI
1. Navigate to Security > Inbound Firewall. The Inbound Firewall tab contents are displayed.
2. Under Inbound Firewall Rules, click New. The New Rule window is displayed.
Figure 42 Inbound Firewall Rules - New Rule Window
3. Configure the following parameters:
191
| Roles and Policies
Configuring Management Subnets on page
193.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Hide quick links:
Advertisement
Table of Contents
