Occasional Contributor II
Posts: 31
Registered: ‎02-23-2016

Firewall Policy

Hi all,

I am probably being stupid and trying to get my head around firewall policies. If a statement says: -

user network 10.1.1.0 255.255.255.0 any permit

That is referring to the destination IP isn't it? As in, if a frame has a source of 10.1.1.1 and a destination of 10.2.2.2 then this rule will not be enacted and the policy will move onto the next rule, if the next rule is: -

user any any permit

This frame will then be accepted, is that correct? Also, if a rule says: -

user host 10.1.1.1 any deny

This is referring to 10.1.1.1 as the source address isn't it? So traffic to 10.1.1.1 will be allowed. Is that correct?

Thanks,

Jamie.

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Firewall Policy

For your example: user network 10.1.1.0 255.255.255.0 any permit

this is saying traffic from the user to the network 10.1.1.0/24 is permitted.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 952
Registered: ‎04-13-2009

Re: Firewall Policy


papalazarou wrote:

Hi all,

I am probably being stupid and trying to get my head around firewall policies. If a statement says: -

user network 10.1.1.0 255.255.255.0 any permit

That is referring to the destination IP isn't it? As in, if a frame has a source of 10.1.1.1 and a destination of 10.2.2.2 then this rule will not be enacted and the policy will move onto the next rule, if the next rule is: -

user any any permit

This frame will then be accepted, is that correct? Also, if a rule says: -

user host 10.1.1.1 any deny

This is referring to 10.1.1.1 as the source address isn't it? So traffic to 10.1.1.1 will be allowed. Is that correct?

Thanks,

Jamie.


Hi Jamie,

user host 10.1.1.1 any deny

This means traffic from the user to the host address 10.1.1.1 on any port/protocol will be denied.

The other assumptions were correct.

Cheers

James

@whereisjrw | ACCX #540 | ACMX #353 | ACDX #216 | Mobility First Expert #11

MVP
Posts: 301
Registered: ‎04-03-2014

Re: Firewall Policy

The term "user" in this case refers to any IP address of a user.

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Occasional Contributor II
Posts: 31
Registered: ‎02-23-2016

Re: Firewall Policy

Thanks guys, I suddenly worked it out, and yes the first user is the source and anything after is the destination, makes sense.  Thanks for confirming.
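
The rule reading confirmed in this thread (the first field, "user", is the source; what follows is the destination, then the service and the action; rules are tried in order), as an added Python sketch that is not part of any post and is not Aruba's code. The function names, the ordering in `RULES_B` and the default deny when nothing matches are assumptions of this example.

```python
import ipaddress

# Rules quoted in the thread; RULES_B's ordering is constructed for this example.
RULES_A = [
    "user network 10.1.1.0 255.255.255.0 any permit",
    "user any any permit",
]
RULES_B = [
    "user host 10.1.1.1 any deny",
    "user any any permit",
]

def parse_rule(line):
    """Split one rule into (destination network, service, action)."""
    tok = line.split()
    if tok[0] != "user":
        raise ValueError("this sketch only models 'user' as the source")
    if tok[1] == "any":
        dest, rest = ipaddress.ip_network("0.0.0.0/0"), tok[2:]
    elif tok[1] == "host":
        dest, rest = ipaddress.ip_network(tok[2] + "/32"), tok[3:]
    elif tok[1] == "network":
        dest, rest = ipaddress.ip_network(f"{tok[2]}/{tok[3]}"), tok[4:]
    else:
        raise ValueError(f"unknown destination keyword: {tok[1]}")
    if len(rest) != 2 or rest[1] not in ("permit", "deny"):
        raise ValueError(f"cannot parse: {line!r}")
    return dest, rest[0], rest[1]

def evaluate(rules, dst_ip):
    """Return (action, matching rule) for traffic from a user to dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    for line in rules:
        dest, service, action = parse_rule(line)
        # Every rule on the page uses service "any"; others are not modelled.
        if service == "any" and dst in dest:
            return action, line  # first matching rule decides
    # Assumption of this sketch: traffic matching no rule is denied.
    return "deny", "(no rule matched)"
```

The source address is not an argument because "user" stands for any IP address of a user, so only the destination decides which rule matches.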
