Reply
Occasional Contributor II
joshb
Posts: 16
Registered: ‎01-07-2011

policy and firewall settings / initial config

I wanting want to deploy a RAP5 and use split tunneling, but to do so, I need firewall and policy settings.  The last time I applied a PEFNG license it took down our wireless network because the firewall policy for the the user role that our devices get assigned to is "Not Configured".  When I applied the licenses it enatced a firewall rule of Deny All since it was "Not Configured.

 

However I cannot figure out how to add a Firewall policy to this user role.  Do I need to create a new user role and apply the firewall policy to it and then change the user role for our auth'd users to the new user role?

 

Sorry if this is confusing.

 

Josh

Aruba Employee
mike-narine
Posts: 135
Registered: ‎06-18-2007

Re: policy and firewall settings / initial config

[ Edited ]

Josh,

 

Yes, you will need to create firewall policies, create a user role with the associated firewall policies and then apply the new user role to the auth'd users.

 

-Mike

Moderator
cjoseph
Posts: 11,026
Registered: ‎03-29-2007

Re: policy and firewall settings / initial config


joshb wrote:

I wanting want to deploy a RAP5 and use split tunneling, but to do so, I need firewall and policy settings.  The last time I applied a PEFNG license it took down our wireless network because the firewall policy for the the user role that our devices get assigned to is "Not Configured".  When I applied the licenses it enatced a firewall rule of Deny All since it was "Not Configured.

 

However I cannot figure out how to add a Firewall policy to this user role.  Do I need to create a new user role and apply the firewall policy to it and then change the user role for our auth'd users to the new user role?

 

Sorry if this is confusing.

 

Josh


Under the "Remote Access Points" chapter in the ArubaOS user guide, there is a subchapter called "Split Tunneling" that details how.

 

Occasional Contributor II
joshb
Posts: 16
Registered: ‎01-07-2011

Re: policy and firewall settings / initial config

I have created a firewall policy, and I am attempting to create a User Role.  When I hit new for the user role I do not have an "add" button to pick a firewall policy.

Aruba Employee
zjennings
Posts: 457
Registered: ‎04-17-2009

Re: policy and firewall settings / initial config

Can you post a screen shot of this? I just want to make sure you are in the right place.

Occasional Contributor II
joshb
Posts: 16
Registered: ‎01-07-2011

Re: policy and firewall settings / initial config

Here you go.

Aruba Employee
zjennings
Posts: 457
Registered: ‎04-17-2009

Re: policy and firewall settings / initial config

I have seen that happen before after an AOS upgrade. My recommendation is to clear your cache and try it again. Also, try it in Chrome as well.

Occasional Contributor II
joshb
Posts: 16
Registered: ‎01-07-2011

Re: policy and firewall settings / initial config

It is happening in Chrome too.  We did upgrade to 5.0.4.4 last week.  I will flush browser cache and see what happens.

Occasional Contributor II
joshb
Posts: 16
Registered: ‎01-07-2011

Re: policy and firewall settings / initial config

just for my own sanity, how do you add a user-role in the terminal session?  I see in documentation that it should be #user-role "UserRole"

 

but it is not accepting it as a valid command.

Aruba Employee
zjennings
Posts: 457
Registered: ‎04-17-2009

Re: policy and firewall settings / initial config

Make sure you are in config t mode first:

 

(Aruba3200) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(Aruba3200) (config) #user-role ?
STRING Name of user role