Controller Based WLANs

Is the firewall configuration pushed from master to local controller?

by ‎06-10-2015 04:52 AM - edited ‎06-10-2015 04:52 AM
Q:

Is the firewall configuration pushed from master to local controller?



A:

We have in-built firewall functionality in Aruba controller which is used to configure parameters on a global level on the controller.

 

For example:

(Aruba7210) (config) #show firewall

Global firewall policies
------------------------
Policy                                       Action                                            Rate       Port
------                                       ------                                            ----       ----
Enforce TCP handshake before allowing data   Disabled
Prohibit RST replay attack                   Disabled
Deny all IP fragments                        Disabled
Prohibit IP Spoofing                         Disabled
Monitor ping attack                          Disabled
Monitor TCP SYN attack                       Disabled

..
 

We can make changes to it in configuration mode:

(Aruba7210) (config) #no firewall prohibit-ip-spoofing

OR

(Aruba7210) (config) #firewall prohibit-arp-spoofing

 

However, these changes are not pushed from master controller to local controllers. They need to be configured individually on each controller.

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.