09-25-2014 10:38 PM - edited 12-18-2014 05:18 PM
I have a setup like below. There will be some RAP units connecting from the outside to the controller.
I notice some SSH access attempts on the public interface of the controller. I want to protect the public IP from mgmt access.
I was trying to configure a policy that allows only the RAPs to connect on the public IP, with the rest dropped. But the vlan-2 traffic should still be "ip nat inside" and go to the internet.
I am confused about the firewall policy configuration and how in, out and session work. I cannot untrust the public interface port.
09-25-2014 10:42 PM - edited 09-25-2014 10:46 PM
09-26-2014 01:39 AM
Literally, the firewall policy "in" is incoming traffic, and "out" is outgoing traffic.
Session: it's applied both ways.
The port need not be untrusted, right? In order for this applied policy to take effect...
09-26-2014 04:55 AM