Wireless Access

Reply
Contributor I
Posts: 30
Registered: ‎03-28-2011

Next Generation Firewall 101

Hi,

 

Before I installed a trial version of the NGF my wifi network (a 620 controller + 4 AP) worked perfectly.

I installed the NGF to solve a dot1x issue : I couldn't populate a "server auth group" without it. In fact all my dot1x issues have now been resolved, including a missing authenticated user role.

 

But

 

Although i can icmp all my subnets in all directions - from wifi to LAN and vice versa, TCP sessions fail. My wireless clients fail to connect to terminalservers, and Lan PC's fail to connect to Airdroid on an android phone, which is a http server running on a smartphone to do fileupload. I know my way around an ASA firewall, i know about deny precedence ... basically I don't want the controller to do any form of firewalling.  Could anyone point me to the right direction ?

 

thx

 

Ward

Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Re: Next Generation Firewall 101

What Role do your wireless clients end up in?  Those Roles have firewall policies attached to them.

 

Go to configuration> Security> Access control and Edit whatever role you want to make more permissive.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 30
Registered: ‎03-28-2011

Re: Next Generation Firewall 101

 

That was it, I selected the "authenticated role" and re-connected laptops as well as airdroid's to the wifi.

 

Now TerminalServers are accessible from wifi , and Airdroid webservers from LAN !

 

 

Chances are I'll ask some pointers next  for my first "remote" accesspoint, on a private Wan, in split tunneling mode : I want to control it centrally, but for all other intents and purposes the AP needs to break out remotely and use legacy routing if it needs a resource in the Core. I want remote wifi clients to print remotely without going back and forth over the WAN.

That was the real purpose of the NGF install.

 

 

Thank you very much !

Ward

Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Re: Next Generation Firewall 101

Excellent Ward. We will be waiting to answer all your questions!


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: