Contributor I

Blocking a website on 7210

I need to block a website on a 7210 controller.
I already enabled the firewall with a license.

Thanks

Anonymous
Not applicable

Re: Blocking a website on 7210

Are you using 6.4?
Contributor I

Re: Blocking a website on 7210

Yes

Guru Elite

Re: Blocking a website on 7210

Create a netdestination with the DNS name. Then create a firewall policy with source user and destination alias and then choose the drop action.

Make sure your controller has a DNS server defined and that name lookups are enabled.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Blocking a website on 7210

Thanks,

Would you please send the commands or the steps if I can make it through the GUI?

Guru Elite

Re: Blocking a website on 7210

Some will require command line:

COMMAND LINE:

ip name-server <dns-server-ip-1>
ip name-server <dns-server-ip-2>
ip domain lookup

(It will tell you that you need to reboot; however, it should work without rebooting the controller.)

GUI example blocking all of facebook.com including subdomains.

Create a netdestination under Configuration > Advanced Services > Stateful Firewall > Destination

    - Give it a name and add a new rule of type "Name".
    - Enter the domain name you are trying to block. Since we are blocking subdomains as well (www.facebook, login.facebook), we will put an asterisk in front (see screenshot)

[Screenshot: facebook-netdest.PNG]

Now you'll want to create a new session ACL to block the traffic.

   - Navigate to Configuration > Security > Policies
   - Click Add to create a new session policy. Give it a name.
   - Click the add button to add an ACL entry. The screenshot below will block all traffic to any facebook website that ends in facebook.com
   - Notice for destination, you will select "Alias" and then choose the netdestination that you created in the previous step.

[Screenshot: facebook-deny-acl.PNG]

The last step is to add that policy to a user-role. Make sure it is higher than an allowall or allow all http/https.

If you'd like to see the current DNS cache on the controller, run:

#show firewall dns-names

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
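
The GUI steps in the post above written out as controller CLI, as an added example that is not part of the original thread. The names `facebook` and `block-facebook`, the placeholder `<user-role-name>`, and the entry `*.facebook.com` (the post's exact entry is only visible in its screenshot) are assumptions; the syntax is that of the ArubaOS 6.x CLI, and lines starting with `!` are annotations.

```text
! Added example; the names "facebook" and "block-facebook" are hypothetical.
configure terminal
!
! Netdestination with a rule of type "Name"; the leading asterisk covers subdomains.
netdestination facebook
  name *.facebook.com
!
! Session ACL: source user, destination alias, any service, drop the traffic.
ip access-list session block-facebook
  user alias facebook any deny
!
! Attach the policy to the role ahead of allowall or allow-all http/https.
! <user-role-name> is a placeholder for the role your clients are assigned.
user-role <user-role-name>
  access-list session block-facebook position 1
!
end
write memory
```

Session policies in a role are evaluated top-down, so position 1 puts the deny ahead of any permit rule; `show rights <user-role-name>` lists the resulting order.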