Security

New Contributor
Posts: 4
Registered: ‎09-15-2011

How can I control the firewall settings on my 3600 controller

We use RAPs extensively here.  No issues with the remote users, I just need to be able to get access to their machines.  They connect via the Staff network and are assigned an IP in VLAN 92.  From within my corporate network I want to ping (or ideally RDP) to their machines via their RAP-assigned IPs.  I know my internal routing is correct but the traffic is being stopped at the controller.  It appears as if there is a firewall rule somewhere preventing this traffic.

I'm a bit lost in the interface.  Can anyone point me in the right direction as to how to enable specific ports from my internal network to go through the controller and down to RAP-connected devices?

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: How can I control the firewall settings on my 3600 controller

First, check to see if you can even ping the controller's IP address on VLAN 92.  Next you need to ensure that your employees get a role that does not block your traffic.  Firewall policies are attached to users.  On the command line, type "show user" to find out what role your user in VLAN 92 has.  Next, type "show rights <role>" to see what firewall policies are being applied.  When you find out the name of that role for your users, it can be edited at Configuration > Security > Access Control > User Roles.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎09-15-2011

Re: How can I control the firewall settings on my 3600 controller

Thank you.  I was able to see that the role is RAPWiredPhone.  In the UI I see that a number of policies are applied.  So I think I have the right role now.

To be clear in what I want to accomplish:  Users on the RAP are assigned an IP in the 192.168.92.0 subnet.  I'm internal, say 10.10.50.0 subnet.  I want my machine on 10.10.50.x to be able to get to 192.168.92.x.

I have a group already defining our internal subnets and a rule that says source: any, destination: <my subnets>, permit.  Do I need one reversed, for example source: <my subnets>, destination: any?

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: How can I control the firewall settings on my 3600 controller

You might have to ask your network manager or even the person who set up the RAPs if that VLAN is even routable to where you are on the 10.x.x.x subnet.  If it is not, there is nothing you can do.  If it is routable, that ACL (assuming it is not blocking anything else) should allow you to reach those devices.



Colin Joseph
Aruba Customer Engineering


New Contributor
Posts: 4
Registered: ‎09-15-2011

Re: How can I control the firewall settings on my 3600 controller

It's definitely routable.  I'll experiment with what you gave me and see if I can get this to work.

New Contributor
Posts: 4
Registered: ‎09-15-2011

Re: How can I control the firewall settings on my 3600 controller

Thank you for your help.  The show users was key in helping me wade through the million different policies to figure out which ones I needed to modify.  Much appreciated.
