ArubaOS and Controllers

New Contributor
Posts: 4
Registered: 01-06-2010

Firewall policy rule

Hi All,

I want to know what's the difference when I set up a policy rule with user, user and user, network.
Also, I created a policy for access to some specific ports with user, any and it worked. When I changed it to user, user, it did not allow traffic across those ports.
Both source and destination being on the same network.

Thanks in advance.
Guru Elite
Posts: 21,029
Registered: 03-29-2007

User and User

The "user" variable means any user in the user table.

If you put user, user, that would mean any traffic from a user in the user table to another user in the user table.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 509
Registered: 07-03-2008

Re: Firewall policy rule

"user" is a built-in alias for any user that's connected to the Aruba controller. So, the way I understand it is, if you used something like:

user user tcp 23 permit

both source and destination would need to be connected to the same controller.

Using something like:

user network 10.10.10.0 255.255.255.0 tcp 23 permit

would allow telnet from a user connected to the controller to anyone in 10.10.10/24.
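A config fragment added here as an illustration (not taken from the thread or from Aruba documentation) that puts the two rule forms side by side, attaches them to a role, and lists the show commands a practitioner would use to confirm which rule is actually matching; the ACL name, the role name and the subnet are hypothetical, and the lines starting with "!" are comments for the reader, not CLI input.

```text
! Hypothetical session ACL: telnet to the management subnet is allowed only
! from an authenticated user; the user-to-user form is included for contrast.
ip access-list session telnet-policy
  ! matches only when BOTH endpoints are entries in this controller's user table
  user user tcp 23 permit
  ! matches any user-table entry talking to 10.10.10.0/24, whether or not the
  ! destination is itself a user known to this controller
  user network 10.10.10.0 255.255.255.0 tcp 23 permit
  ! explicit deny for any other tcp/23 traffic, so the intent is visible
  any any tcp 23 deny
!
user-role employee
  access-list session telnet-policy
!
! Verification: if the "user user" line never accumulates hits, confirm the
! destination host is really present in the user table; if it is not, only
! the "network" form of the rule can match.
show user-table
show rights employee
show acl hits
```

Assumes a standard ArubaOS CLI; on a destination that is a server rather than a client device the "user user" rule will not match because the server never appears in the user table.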
New Contributor
Posts: 4
Registered: 01-06-2010

Re: Firewall policy rule

Thanks for the reply, but now the question becomes: does the user have to be in the same role in the user table? Like, can the source be on the logon role and the guest be on the initial role, before being authenticated (say via captive portal)?

I tried using user, user for a rule but it did not work. When I changed to user, any the access was allowed (for a permit rule).
Guru Elite
Posts: 21,029
Registered: 03-29-2007

Question

The question is, how would you like it to function?


Colin Joseph
Aruba Customer Engineering
