Does walled garden feature support clients configured for proxy?

Aruba Employee

Question: Does walled garden feature support clients configured for proxy?

Environment: Controllers running code 6.3 and above, with a proxy in the network

 

 

If the walled garden is implemented in the user role as a domain-name ACL (e.g. user alias yahoo.com any permit), it will not work for clients that use a proxy.
This is because the ACL never sees the IP address of “yahoo.com” in the session: the client sends its TCP and HTTP packets to the proxy server, not to yahoo.com.
 
However, the captive portal based walled garden (also known as the whitelist) will work, because the proxy handler (port 8088) is already configured to permit “yahoo.com” rather than redirect it. The controller proxy connects to the actual server (yahoo.com) and transfers the contents to the client.
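
The difference between the two checks, as an added Python model (not ArubaOS code and not part of the original article): the session ACL can only compare the packet's destination IP, while a proxy handler can read the requested host from the request itself. The IP addresses, the function names and the subdomain-matching rule are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values (documentation address ranges), not from the article.
PROXY_IP = "192.0.2.10"                       # proxy the client is configured for
ALIAS_IPS = {"yahoo.com": {"198.51.100.20"}}  # addresses the alias resolved to
WHITELIST = {"yahoo.com"}                     # captive portal whitelist entry

def role_acl_permits(dst_ip, alias="yahoo.com"):
    """Session ACL view: only the packet's destination IP is available."""
    return dst_ip in ALIAS_IPS[alias]

def proxied_target(request_line, headers):
    """Proxy-handler view: recover the real host from a proxy-style request."""
    parts = request_line.split()
    if len(parts) != 3:
        return ""                             # malformed request line
    method, target, _version = parts
    if method.upper() == "CONNECT":           # CONNECT host:port HTTP/1.1
        authority = "//" + target
    elif "://" in target:                     # GET http://host/path HTTP/1.1
        authority = target
    else:                                     # origin-form: use the Host header
        authority = "//" + headers.get("host", "")
    return (urlsplit(authority).hostname or "").rstrip(".")

def whitelist_permits(host):
    """Assumed rule: match the domain or a subdomain on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in WHITELIST)

def decide(dst_ip, request_line, headers):
    """Return what each check concludes for one client request."""
    host = proxied_target(request_line, headers)
    return {"acl": role_acl_permits(dst_ip), "host": host,
            "whitelist": whitelist_permits(host)}

if __name__ == "__main__":
    # Client configured for the proxy: every packet is addressed to PROXY_IP.
    print(decide(PROXY_IP, "GET http://www.yahoo.com/ HTTP/1.1",
                 {"host": "www.yahoo.com"}))
    print(decide(PROXY_IP, "CONNECT yahoo.com:443 HTTP/1.1", {}))
    # Client without a proxy: the packet goes straight to the resolved address.
    print(decide("198.51.100.20", "GET / HTTP/1.1", {"host": "yahoo.com"}))
```

In this model, look-alike names such as yahoo.com.example.net do not match the whitelist entry, because the comparison is anchored on a full domain label.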

For example:
Configure a whitelist for yahoo.com and a proxy on port 3128. When the client accesses yahoo.com, the whitelist is checked.
 
The ACL hits are shown below.
 
(Aruba6000) (config) #show acl hits
 
User Role ACL Hits
------------------
Role     Policy                Src   Dst                  Service       Action   Dest/Opcode  New Hits  Total Hits  Index  Ipv4/Ipv6
----     ------                ---   ---                  -------       ------   -----------  --------  ----------  -----  ---------
logon    cppm_list_operations  user  yahoo.com            svc-https     permit                5         7           8493   ipv4
logon    CPPM                  user  10.15.56.165         svc-https     permit                9         19          8499   ipv4
logon    logon-control         any   any                  svc-dns       permit                18        37          8511   ipv4
logon    logon-control         any   any                  svc-dhcp      permit                0         2           8512   ipv4
logon    captiveportal         user  any                  svc-http      dst-nat  8080         11        26          8523   ipv4
logon    captiveportal         user  any                  svc-https     dst-nat  8081         2         2           8524   ipv4
logon    v6-logon-control      any   any                  svc-v6-icmp   permit                7         7           8534   ipv6
logon    v6-logon-control      any   ipv6-reserved-range  any           deny                  0         1           8539   ipv6
logon    captiveportal6        user  any                  svc-https     dst-nat  8081         6         6           8542   ipv6
logon                          any   any                  0             deny                  9         11          8549   ipv6
ap-role  control               any   any                  svc-papi      permit                12        13          7893   ipv4
ap-role  control               any   any                  svc-sec-papi  permit                0         1           7894   ipv4
ap-role  ap-acl                any   any                  svc-syslog    permit                1         1           7904   ipv

Version history
Revision #: 1 of 1
Last update: 11-10-2014 05:54 AM
 