Occasional Contributor I
Posts: 9
Registered: ‎03-19-2010

Differences between Aruba firewall and ACL versus others?

 

Hello,

 

Could you help me understand the differences between best practices, or should I say bad habits, learned elsewhere for firewalls and ACLs and best practices for Aruba?

 

Some specific things come to mind for an Aruba controller:

  • Is there EVER a reason to have the firewall do a reject?  My previous experience is that you do not want to do this as it gives the intruder information.  With the exception of troubleshooting it should be avoided.  Am I missing something?
  • Rules should start with specific and go to general.   Correct?
  • Are there any differences to be aware of from elsewhere?

 

Regards,

  David

Guru Elite
Posts: 20,820
Registered: ‎03-29-2007

Re: Differences between Aruba firewall and ACL versus others?



The paradigm is pretty much the same.

 

One reason why you would do a reject is for performance: there are some clients that will introduce a wait state when there is no response, as opposed to moving on to a different method of communication when there is a reject. This is only one example that is not specific to Aruba; I am sure there are others.

 



Colin Joseph
Aruba Customer Engineering
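
The wait state described in the reply above can be measured from the client side. This is an added example, not part of the original thread and not Aruba code: it uses loopback UDP, where a closed port makes the local OS answer with ICMP port unreachable (standing in for a firewall reject) and a bound socket that never replies stands in for a drop. The 0.5 second timeout and the function names are assumptions.

```python
import socket
import time

TIMEOUT = 0.5  # seconds the client waits before giving up (assumed value)

def probe(port, timeout=TIMEOUT):
    """Send one UDP datagram to 127.0.0.1:port and classify what comes back."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(("127.0.0.1", port))  # connected socket, so ICMP errors surface
        try:
            s.send(b"hello")
            s.recv(64)
            outcome = "answered"
        except ConnectionError:   # ICMP port unreachable: an explicit refusal
            outcome = "rejected"
        except socket.timeout:    # silence: what a drop looks like to the client
            outcome = "no-response"
    return outcome, time.monotonic() - start

def demo():
    """Probe a 'reject' port and a 'drop' port; return outcome and seconds spent."""
    # Drop stand-in: a bound socket that receives the datagram but never replies.
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))
    # Reject stand-in: reserve a free port, then close it so nothing is bound there.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    try:
        return {
            "reject": probe(closed_port),
            "drop": probe(silent.getsockname()[1]),
        }
    finally:
        silent.close()

if __name__ == "__main__":
    for policy, (outcome, secs) in demo().items():
        print(f"{policy:6s} -> {outcome:11s} after {secs:.3f}s")
```

The rejected probe returns almost immediately, so a client can move on to its next method, while the unanswered probe costs the full timeout before the client can do anything else.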
