whitelist ACL

Hi everyone,

I have questions about whitelist ACLs: after reading the user guide, I saw that when you add an entry in a session ACL, you can match a whitelist before allowing data from/to the controller.

"White list ACL : A rule must explicitly permit a traffic session before it is forwarded to the controller." (page 309 of UG 3.4.2)

If I understand correctly, if I want to deny SSH access to the controller (except with an ACL in the user role), I can create a whitelist ACL that denies SSH access and match it with a session ACL defined in the user role, like this:

> cp-bandwidth-contract test mbits 1
> firewall cp
> deny proto 6 ports 22 22 bandwidth-contract test

> ip access-list session ssh-for-student
> any any svc-ssh permit whitelist test

> user-role student
> session-acl ssh-for-student

But the whitelist option doesn't exist when I add an entry in a session ACL.

Does anyone have an idea?
What's the goal of a whitelist ACL?

Thanks in advance.