Controller Based WLANs

How to create a Firewall policy based on Geo-location?

Aruba Employee
Q:

How to create a Firewall policy based on Geo-location?



A:

The IP address classification feature in 6.5 enables both reputation and geolocation services.

For a Firewall policy based on Geo-location, there is a predefined ACL, “global-geolocation-acl”, which we can modify. This can be done only on the Master.

(Aruba) (config) #ip access-list geolocation global-geolocation-acl

(Aruba) (config-global-geolocation-acl)#deny from ?
        anonymous_proxy         Match packets from/to anonymous proxy
        any                     Match any location
        country                 Match packets from/to country
        region                  Match packets from/to region

(Aruba) (config-global-geolocation-acl)#deny to country ?
        STRING                  Name of the country

(Aruba) (config-global-geolocation-acl)#deny to country India

#ip access-list geolocation "global-geolocation-acl" deny to country "India"

(Aruba) (config-global-geolocation-acl)#show datapath session ip-classification | include D

Datapath Session Table Entries
       D - deny, R - redirect, Y - no syn
       I - Deep inspect, U - Locally destined
       E - Media Deep Inspect, G - media signal

Source IP       Destination IP  Prot SPort DPort  Cntr    Prio ToS Age Destination TAge Packets    Bytes      SIDX     AclVer   Int-Flag Threat                  Country                 AceIdx    Flags
10.17.171.55    216.58.220.46   6    54660 443    0/0     0    0   0   tunnel 10   8    1          52         9745     12cc     1        N/A                     India                    519/0    FDYCA
10.17.171.55    216.58.220.46   6    54671 443    0/0     0    0   0   tunnel 10   8    1          52         a654     12cc     1        N/A                     India                    519/0    FDYCA
10.17.171.55    216.58.196.99   6    54646 443    0/0     0    0   0   tunnel 10   b    2          100        b134     12cc     1        N/A                     India                    519/0    FDYCA
10.17.171.55    216.58.196.99   6    54644 443    0/0     0    0   0   tunnel 10   b    2          100        e254     12cc     1        N/A                     India                    519/0    FDYCA
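
One way to check the verification output above against the configured policy, as an added example that is not part of the original article: it parses rows of show datapath session ip-classification, counts sessions carrying the D (deny) flag per blocked country, and lists sessions to a blocked country that lack it. The first two sample rows are copied from the output above; the last two rows, the function names, and the assumption that the Country value is set off from the preceding column by at least two spaces are constructed for this example.

```python
import re
from collections import Counter

# Rows 1-2 are copied from the output above; rows 3-4 are constructed for this
# example (a session without the D flag and a multi-word country name).
SAMPLE = """\
Source IP       Destination IP  Prot SPort DPort  Cntr    Prio ToS Age Destination TAge Packets    Bytes      SIDX     AclVer   Int-Flag Threat                  Country                 AceIdx    Flags
10.17.171.55    216.58.220.46   6    54660 443    0/0     0    0   0   tunnel 10   8    1          52         9745     12cc     1        N/A                     India                    519/0    FDYCA
10.17.171.55    216.58.196.99   6    54646 443    0/0     0    0   0   tunnel 10   b    2          100        b134     12cc     1        N/A                     India                    519/0    FDYCA
10.17.171.55    198.51.100.7    6    54700 443    0/0     0    0   0   tunnel 10   3    4          200        c001     12cc     1        N/A                     India                    519/0    FCA
10.17.171.56    203.0.113.9     6    54701 443    0/0     0    0   0   tunnel 10   3    4          200        c002     12cc     1        N/A                     United States            519/0    FCA
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\s")

def parse_sessions(text):
    """Yield one dict per session row; header and legend lines are skipped."""
    for line in text.splitlines():
        if not IPV4.match(line):
            continue
        # Flags and AceIdx are the last two tokens. Country sits before them and
        # may contain single spaces, so split the rest on runs of 2+ spaces.
        head, ace_idx, flags = line.rsplit(None, 2)
        country = re.split(r"\s{2,}", head.rstrip())[-1]
        src, dst, prot, sport, dport = line.split()[:5]
        yield {"src": src, "dst": dst, "prot": int(prot), "dport": int(dport),
               "country": country, "ace_idx": ace_idx, "flags": flags}

def audit(text, blocked):
    """Count denied sessions per blocked country and list sessions to a
    blocked country that do not carry the D (deny) flag."""
    blocked = {c.lower() for c in blocked}
    denied, gaps = Counter(), []
    for s in parse_sessions(text):
        if s["country"].lower() not in blocked:
            continue
        if "D" in s["flags"]:
            denied[s["country"]] += 1
        else:
            gaps.append((s["src"], s["dst"], s["dport"]))
    return denied, gaps

if __name__ == "__main__":
    denied, gaps = audit(SAMPLE, ["India"])
    print("denied per country:", dict(denied))
    print("sessions to blocked countries without D flag:", gaps)
```

Run it on output captured without the | include D filter, otherwise sessions that were not denied never reach the check.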

Version history: Revision 2 of 2, last update 03-29-2017 11:47 AM