Contributor I

Howto Firewall rule : define Destination as 'local to the accesspoint'



We have 12 remote sites and have configured splittunneling for each site. A remote wireless client wishing to use a printer local to him, doesn't need to traverse the tunnel.


This means that for each site I have a firewall rule stating :


Source:Any Destination:Depot_Brussels Service:Any  Action: route src-nat  .....
Source:Any Destination:Depot_Ghent Service:Any  Action: route src-nat  .....
Source:Any Destination:Depot_Antwerp Service:Any  Action: route src-nat  .....



As Aruba's config is heavy on nested functions / reuse of configuration, this lowest level src-nat rule forces me to create separate splittun policies, and one level up, seperate AAA profiles refering to its own splittun for the default .1x role.


It would greatly simplify things if I could do

"...Destination : <local to the accesspoint in question>"


Another idea would be to list all my subnets in a single destination (it exists in the blocking rule) but then the tunnels wouldn't get used for 'across subnet' traffic, relying on toplevel L3 routing instead.


thx for any advice.



Search Airheads
Showing results for 
Search instead for 
Did you mean: