Assuming 192.168.x.1 is the default gateway, you should allow traffic to internal services via protocol first, and then block all traffic to 192.168.0.0:
user any permit service svc-dns <dns server ip>
user any deny network 192.168.0.0 255.255.0.0
any any any permit
The default gateway (.1) is not the destination of any traffic so you can safely just block the whole subnet. I don't know what product you are using, so the syntax above might not be correct, but you get the idea, hopefully.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides:
https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------
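Added example (not part of the original reply, and not Aruba syntax): a Python model of first-match evaluation for the three rules in the reply above, plus a bitmask check that shows what wildcarding the third octet would mean. The DNS server address, the reading of svc-dns as UDP port 53, and all function names are assumptions made for illustration.

```python
import ipaddress

DNS_SERVER = "192.168.5.10"  # constructed stand-in for <dns server ip>

# (action, destination network, protocol, port); None means "any".
# Same order as the reply: permit DNS, deny 192.168.0.0/16, permit the rest.
RULES = [
    ("permit", ipaddress.ip_network(DNS_SERVER + "/32"), "udp", 53),  # svc-dns assumed UDP/53
    ("deny", ipaddress.ip_network("192.168.0.0/16"), None, None),
    ("permit", ipaddress.ip_network("0.0.0.0/0"), None, None),
]


def evaluate(dst, proto, port, rules=RULES):
    """Return the action of the first rule whose destination/protocol/port match."""
    addr = ipaddress.ip_address(dst)
    for action, net, r_proto, r_port in rules:
        if addr in net and r_proto in (None, proto) and r_port in (None, port):
            return action
    return "deny"  # nothing matched: implicit deny


def wildcard_match(dst, pattern, care_mask):
    """Discontiguous match: every bit set in care_mask must equal the pattern's bit."""
    d = int(ipaddress.ip_address(dst))
    p = int(ipaddress.ip_address(pattern))
    m = int(ipaddress.ip_address(care_mask))
    return (d & m) == (p & m)


if __name__ == "__main__":
    # Constructed sample flows from a client at site 17.
    flows = [
        ("8.8.8.8", "tcp", 443),       # internet: routed via the gateway at layer 2
        ("192.168.17.20", "tcp", 445), # neighbour on the same site subnet
        ("192.168.17.1", "tcp", 443),  # gateway itself as the IP destination
        (DNS_SERVER, "udp", 53),       # internal DNS over UDP
        (DNS_SERVER, "tcp", 53),       # DNS over TCP falls through to the deny rule
    ]
    for dst, proto, port in flows:
        print(f"{dst:15} {proto}/{port:<4} -> {evaluate(dst, proto, port)}")
    # Care about octets 1, 2 and 4; ignore octet 3 (the site id).
    print(wildcard_match("192.168.17.1", "192.168.0.1", "255.255.0.255"))
```

Internet-bound traffic is permitted even though the gateway address sits inside the denied range, because the rules match on the packet's destination IP and the gateway only appears as the next hop.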
Original Message:
Sent: Jun 21, 2022 08:42 AM
From: Barry Levites
Subject: How do I wildcard the third octet of a subnet?
Basically I have a SSID that I'm using for an internal service. I have 45 sites I need to deploy this SSID to. Each site has a private subnet of 192.168.xxx.0/24 where xxx is the site id. So I'd like to be able to allow 192.168.xxx.1 for each of the 45 subnets but block access to the rest of the 192.168.xxx.0/24 subnets. Basically restrict most access internally but allow for internet access.
Original Message:
Sent: Jun 18, 2022 07:28 AM
From: Colin Joseph
Subject: How do I wildcard the third octet of a subnet?
Maybe what you want can be accomplished in a different way. The way you describe it would involve a lot of work to accomplish. What product are you using and what are you trying to block/allow in detail?
------------------------------
Original Message:
Sent: Jun 17, 2022 12:23 PM
From: Barry Levites
Subject: How do I wildcard the third octet of a subnet?
I need to allow access to the default gateway for 40 subnets, but I want to restrict access to the rest of the subnet. Is it possible to write a firewall rule that would let me wildcard the third octet of the subnet? For example I want it to be 192.168.xxx.1 where x is any subnet.