Josh,

Yes, you will need to create firewall policies, create a user role with the associated firewall policies and then apply the new user role to the auth'd users.

-Mike

---

joshb wrote:

I wanting want to deploy a RAP5 and use split tunneling, but to do so, I need firewall and policy settings.  The last time I applied a PEFNG license it took down our wireless network because the firewall policy for the the user role that our devices get assigned to is "Not Configured".  When I applied the licenses it enatced a firewall rule of Deny All since it was "Not Configured.

 

However I cannot figure out how to add a Firewall policy to this user role.  Do I need to create a new user role and apply the firewall policy to it and then change the user role for our auth'd users to the new user role?

 

Sorry if this is confusing.

 

Josh

---

Under the "Remote Access Points" chapter in the ArubaOS user guide, there is a subchapter called "Split Tunneling" that details how.

I have created a firewall policy, and I am attempting to create a User Role.  When I hit new for the user role I do not have an "add" button to pick a firewall policy.

Can you post a screen shot of this? I just want to make sure you are in the right place.

Here you go.

I have seen that happen before after an AOS upgrade. My recommendation is to clear your cache and try it again. Also, try it in Chrome as well.

It is happening in Chrome too.  We did upgrade to 5.0.4.4 last week.  I will flush browser cache and see what happens.

just for my own sanity, how do you add a user-role in the terminal session?  I see in documentation that it should be #user-role "UserRole"

but it is not accepting it as a valid command.

Make sure you are in config t mode first:

(Aruba3200) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(Aruba3200) (config) #user-role ?
STRING Name of user role