whitelist ACL

Hi everyone,

I have questions about whitelist ACLs: after reading the user guide, I saw that when you add an entry in a session ACL, you can match a whitelist before allowing data from/to the controller.

"White list ACL : A rule must explicitly permit a traffic session before it is forwarded to the controller." (page 309 of UG 3.4.2)

If I understand correctly, if I want to deny SSH access to the controller (except with an ACL in the user role), I can create a whitelist ACL that denies SSH access and match it with a session ACL defined in the user role, like this:

> cp-bandwidth-contract test mbits 1
> firewall cp
> deny proto 6 ports 22 22 bandwidth-contract test

> ip access-list session ssh-for-student
> any any svc-ssh permit whitelist test

> user-role student
> session-acl ssh-for-student

But the whitelist option doesn't exist when I add an entry in a session ACL.

Does anyone have an idea?
What's the goal of a whitelist ACL?


Thanks in advance.