Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

IAP 105 URL Filtering Issue

This thread has been viewed 3 times

  • 1.  IAP 105 URL Filtering Issue

    Posted Jan 03, 2017 04:53 AM

    Dear Team,

     

    I am using Aruba 105 as IAP, i have 4 APs deployed one of them is VC. everything is working perfect. I was trying to do the URL Filtering based on the predefined catagoies. Following is the problem.

     

    1- I make some custom firewall rules to deny and allow some traffic for internal subnets that workes perfect. at this everything is denied so no internet access.

     

    2- I try to make one rule to allow only "real-state" catagory and log the traffic as well. I also allow the DNS.

     

    3- At this stage all the web traffic is allowed even i just alllowed the real state catagiory. I make the same catagoriy as deny action but still all the web traffic is passing through. If i remove this web url catagory rule then all web traffic is stop passing and i can see the deny action in the logs as well.

     

    4- I didnt see any log when i make only single rule to allow the real state URLs only except the DNS. I can see the DNS is resolving the domain name whatever i access.

     

    5- I deally it should only work for the catagiory allowed reset everthing is blocked.

     

    Need help what could be the issue, it seems that when i allowed the rule for even a signle catagory the traffic is not passing thorugh the VC.



  • 2.  RE: IAP 105 URL Filtering Issue

    EMPLOYEE


  • 3.  RE: IAP 105 URL Filtering Issue

    Posted Jan 03, 2017 05:47 AM

    Yes it is enable still the same behaviour, seems traffic didnt hit the rule.

     

    See the below rule 5 is not hitting, even i browse the yahoomail.com it is allowed. Whereas, yahoomaill should be denied as per the rules.

     

    Rule 5
    ----------
    Version : IPv4
    Match Method : match
    Source : ANY port 0-65535
    Destination : ANY port 0-65535
    DPI App : webcategory society
    Action : permit
    Options : log
    AP Group : 0
    Stat : hits 0

    Rule 6
    ----------
    Version : IPv4
    Match Method : match
    Source : ANY port ANY
    Destination : ANY port ANY
    DPI App :
    Action : deny
    Options : log
    AP Group : 0
    Stat : hits 19



  • 4.  RE: IAP 105 URL Filtering Issue

    Posted Jan 03, 2017 05:52 AM

    Just review some pages, and found the below.

    IAPs with DPI capability analyze data packets to identify applications in use and allow you to create access rules to determine client access to applications, application categories, web categories and website URLs based on web reputation.

     

    Would it required any license or subscription?



  • 5.  RE: IAP 105 URL Filtering Issue

    Posted Jan 04, 2017 02:54 AM

    Can anyone help in this regard?



  • 6.  RE: IAP 105 URL Filtering Issue

    EMPLOYEE
    Posted Jan 04, 2017 06:43 AM

    The IAP-105 only supports URL filtering, not DPI (Application Filtering).  We need screenshots of your entire SSID configuration and what version of Instant OS you are running to guess what is happening.



  • 7.  RE: IAP 105 URL Filtering Issue

    Posted Jan 12, 2017 01:57 PM

    @Ali Haidar Were you able to find a resolution or would you mind sharing your SSID config and Instant version?