Contributor I

is there a way to see the firewall policy alias?

I am trying to understand the system I inherited. The policies make intuitive sense but most of them use aliases that sound legitimate but I can't find any way to actually see what they are. For example, the attached graphic shows that my captive portal people can use HTTPS to get to some address or range called "mswitch" but I can't figure out where it tells me exactly what "mswitch" is.

 

Can anyone point me where to look?

Mark

 

Capture.PNG

Guru Elite

Re: is there a way to see the firewall policy alias?

Some of these are system generated and shouldn't be modified.

 

You can view the contents of the system-generated aliases at the CLI by running:

 

show netdestination mswitch

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: is there a way to see the firewall policy alias?

Thanks Tim, that solved it.

 

That does bring up a difficult point for me though. The way I read that policy is that port 80 and 443 are port-nat'ed (is that the right way to say that?) to 8080 and 8081.

 

My problem is that I don't have a rule in my FortiGate firewall that allows ports 8080 and 8081 out onto the internet, so theoretically anyone using the guest policy should not be able to surf the internet.

 

Obviously I still have more learning to do!

Mark

Guru Elite

Re: is there a way to see the firewall policy alias?

Yes, this happens at the controller which allows the captive-portal redirect. You do not need to change any ports in your firewall. It is destination NATing the traffic internally inside the controller.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II

Re: is there a way to see the firewall policy alias?

You can run #show netdestination ipv4 to check all your IPv4 aliases.

Or you can check from the GUI.

aliases.jpg

 

 

Contributor I

Re: is there a way to see the firewall policy alias?

Thank you both!

1) I had no idea how to use the CLI to see those things

2) I didn't even realize the stateful firewall was in use and had never looked at the GUI for it... lol. I had assumed since I have a FortiGate firewall the firewall built in to the Aruba controller was not enabled. Obviously that is not accurate... more reading!

 

Thanks again.

 
