Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 25
Registered: ‎06-23-2011

IAP 105 URL Filtering Issue

Dear Team,

 

I am using Aruba 105 as IAP, i have 4 APs deployed one of them is VC. everything is working perfect. I was trying to do the URL Filtering based on the predefined catagoies. Following is the problem.

 

1- I make some custom firewall rules to deny and allow some traffic for internal subnets that workes perfect. at this everything is denied so no internet access.

 

2- I try to make one rule to allow only "real-state" catagory and log the traffic as well. I also allow the DNS.

 

3- At this stage all the web traffic is allowed even i just alllowed the real state catagiory. I make the same catagoriy as deny action but still all the web traffic is passing through. If i remove this web url catagory rule then all web traffic is stop passing and i can see the deny action in the logs as well.

 

4- I didnt see any log when i make only single rule to allow the real state URLs only except the DNS. I can see the DNS is resolving the domain name whatever i access.

 

5- I deally it should only work for the catagiory allowed reset everthing is blocked.

 

Need help what could be the issue, it seems that when i allowed the rule for even a signle catagory the traffic is not passing thorugh the VC.

Guru Elite
Posts: 20,426
Registered: ‎03-29-2007

Re: IAP 105 URL Filtering Issue

Did you enable content filtering for that SSID?  http://www.arubanetworks.com/techdocs/Instant_423_WebHelp/InstantWebHelp.htm#UG_files/Content_filtering/Enabling_Content_Filteri.htm?Highlight=filtering



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 25
Registered: ‎06-23-2011

Re: IAP 105 URL Filtering Issue

Yes it is enable still the same behaviour, seems traffic didnt hit the rule.

 

See the below rule 5 is not hitting, even i browse the yahoomail.com it is allowed. Whereas, yahoomaill should be denied as per the rules.

 

Rule 5
----------
Version : IPv4
Match Method : match
Source : ANY port 0-65535
Destination : ANY port 0-65535
DPI App : webcategory society
Action : permit
Options : log
AP Group : 0
Stat : hits 0

Rule 6
----------
Version : IPv4
Match Method : match
Source : ANY port ANY
Destination : ANY port ANY
DPI App :
Action : deny
Options : log
AP Group : 0
Stat : hits 19

Occasional Contributor II
Posts: 25
Registered: ‎06-23-2011

Re: IAP 105 URL Filtering Issue

Just review some pages, and found the below.

IAPs with DPI capability analyze data packets to identify applications in use and allow you to create access rules to determine client access to applications, application categories, web categories and website URLs based on web reputation.

 

Would it required any license or subscription?

Occasional Contributor II
Posts: 25
Registered: ‎06-23-2011

Re: IAP 105 URL Filtering Issue

Can anyone help in this regard?

Guru Elite
Posts: 20,426
Registered: ‎03-29-2007

Re: IAP 105 URL Filtering Issue

The IAP-105 only supports URL filtering, not DPI (Application Filtering).  We need screenshots of your entire SSID configuration and what version of Instant OS you are running to guess what is happening.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Community Administrator
Posts: 2,180
Registered: ‎12-03-2013

Re: IAP 105 URL Filtering Issue

@Ali Haidar Were you able to find a resolution or would you mind sharing your SSID config and Instant version?

CWNA, ACMP, Security +
Search Airheads
Showing results for 
Search instead for 
Did you mean: