06-22-2015 08:06 AM
Yes, in your ACL you can allow specific domains. However this can be problematic with modern websites, as for example gmail might require a bunch of google servers or content delivery
But you can whitelist mail.google.com and see what happens...
basically in your Logon role, add an ACL which allows the external domains you want to allow.
ACDX, ACCP, CISSP, CWNA
06-22-2015 08:11 AM
You did not mention if this is controller of IAP based. If it is IAP you should be able to write a rule for web category 'web mail' which might be easier then whitelisting specific domains.
I don't know if the controller has an equivilant category system you could use.
ACDX, ACCP, CISSP, CWNA
06-22-2015 08:15 AM
Hi this is using a 3600 controller as the master, should this ACL be set in the pre user role?
I use pre-guest before you authenticate through the captive portal then you use the guest role.
I could not see a domain to add in ACL?
06-22-2015 09:20 AM - edited 06-22-2015 09:21 AM
You have to add your custom policy in Pre-Login role.
Or you can add the same in whitelist under l3 authentication profile.
If you want to add domain in your ACL then you have to add it under
Advanced Services > Stateful Firewall > Destinations > Add Destination
06-23-2015 01:41 AM
Thanks for your help!
I have added the domain ok, but didnt work in the whitelist as still goes to the captive portal?
I also tried adding firewall policy to pre-guest role but I am unable to change priority as it just reverts back to the bottom below the captive portal policy so unable to access still?
06-23-2015 01:50 AM
2. If you are trying to change the priority of policy, make sure you are
clicking on apply button at bottom right corner.
06-23-2015 02:22 AM
I have added the whitelist again and i can now see it in the top of the firewall policy as list operations!
However it will not allow me to delete old policy, can I do the in command line?
Now when I try to browse to hotmail pre captive portal it tries but comes up with sertificate error and reverts back to login?
06-23-2015 04:50 AM
Please show us your entire policy.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs