Wireless Access

Reply
Frequent Contributor II
Posts: 120
Registered: ‎10-31-2012

Using Aruba as edge firewall

In a small office we have a 650 we want to use as the edge firewall, in addition to its role as wireless controller.  Is there a preset AAA profile that should be applied to the untrusted uplink interface to protect it from all the evils of the internet? Or will there only be a need for a AAA policy if there is incoming traffic needs such as web server etc..

 

Thanks

MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Using Aruba as edge firewall

[ Edited ]

(MAKE SURE YOU HAVE PEF/PEFNG INSTALLED)

 

Yes, you can apply firewall policies to the network interfaces (physical or VLAN). You can do this on the GUI at Configuration/Netowrk/Ports menu.

Create your firewall policies first and simply apply it to the interface and it should do the job.

 Untitled.png

**IF U JUST WANT TO ENABLE FIREWALL ON PORT/VLAN  - JUST ADD ACL PROFILE to your VLAN/PORT**

 You can if you are using different vlans for each tunnel. You can apply the aaa profile right on the vlan itself.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Frequent Contributor II
Posts: 120
Registered: ‎10-31-2012

Re: Using Aruba as edge firewall

Thanks kdisc98,

I was wondering specifically if there is a firewall policy that is kind of the default policy for this type of usage.  I did not see any firewall policy like default-inbound-firewall. Is there something I should put specifically on this that covers the most common use cases?  I just don't want to reinvent the wheel with creating this policy if one is already in circulation.

 

thanks

Matt

MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Using Aruba as edge firewall

  • It's depands which services you would like to block.
  • build/config/coustimze your own.

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Frequent Contributor II
Posts: 120
Registered: ‎10-31-2012

Re: Using Aruba as edge firewall

So there is no good starting point for this, It is just from scratch.  Do I need to explicitly deny all incoming traffic or does the Untrusted port do that by default?  

MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Using Aruba as edge firewall

[ Edited ]
  • just add firewall policy to your WAN port - and leave it trusted.
  • Untrusted ports - usully used to auth wired users,untrusted port will do it by default. (BLOCK EVERYTHING - ALL KIND OF TRAFFIC EXCEPT WHAT YOU WILL ALLOW IN THE ACCESS ROLE THAT )
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
Showing results for 
Search instead for 
Did you mean: