I'm evaluating the Aruba controller and a RAP-3 to use for remote workers from their house. I want to be able to lock down what they can get to through the tunnel. I'm having issues understanding how the firewall policies are applied to the RAP. It seems everything is permitted and I can't figure out how to get the User role applied.
I'm testing with wired port 2 on the RAP. It's in tunnel mode since I don't want to allow split-tunneling (per security team). I see where there is a "Bridge Role" that allows selecting a user role, but since I'm not running in Bridge mode I assume that's not being used. I've attached the config after removing a few pieces I didn't think were needed. If anyone can help me figure it out I'd appreciate it.
Is there a good way to monitor the firewall traffic other than the "Firewall Hits" in the GUI or "show datapath session table" in the cmd? Something that will help debug what's going on and why?
Thanks,
Justin