When you want to eliminate chatty protocols, is it recommended to apply this on the ROLES you are using, and ALSO on the ports on my controller?
For example, for my ROLES I would do this:
I'm building a firewall policy called Chatty protocols
with these parameters:
for deny_mDNS
any any udp 5353 deny
for deny_SSDP_and_UPnP_acl
any host 239.255.255.250 any deny
any host 239.255.255.253 any deny
for deny_netbios_acl
ip access-list session deny_netbios_acl
any any udp 137 deny
any any udp 138 deny
for deny_client_acting_as_server_acl
ip access-list session deny_client_acting_as_server_acl
user any udp 68 deny
So the firewall rule named Deny Chatty protocols would be like this:
any any udp 5353 deny
any host 239.255.255.250 any deny
any host 239.255.255.253 any deny
any any udp 137 deny
any any udp 138 deny
user any udp 68 deny
So on my roles it would be something like this:
Role name: Aruba Users
Inside that:
Firewall policies:
1-Deny Chatty protocols
2-Normal User ACLs
I normally just had one firewall policy, which was the user ACL, for example where he was able to reach the internal network and that kind of stuff... but I also wanted to add the part about eliminating the chatty protocols...
Now for the ports on my wireless controller I would use a similar firewall policy, let's say I named it blocked chattyprotocols.
For the wired part it would be like this:
any any udp 5353 deny
any host 239.255.255.250 any deny
any host 239.255.255.253 any deny
any any udp 137 deny
any any udp 138 deny
user any udp 68 deny
user any any permit
I just want to know if I'm doing it right. Is it correct the way I'm doing it?
Cheers
Carlos
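As an added example (not from the original post and not ArubaOS code), here is a first-match evaluator in Python over the rule list quoted above, assuming ArubaOS session-ACL semantics: rules are evaluated top-down, "user" matches the client's own address as source, a service is either "any" or "<proto> <destination port>", and a flow that matches nothing hits an implicit deny. The constructed flows show that a client's own DHCP request (destination port 67) still passes while a client answering on port 68, i.e. acting as a DHCP server, is blocked.

```python
from collections import namedtuple

# src/dst IP addresses, transport protocol, destination port
Flow = namedtuple("Flow", "src dst proto dport")

# The "blocked chattyprotocols" policy exactly as listed in the post.
POLICY = """
any any udp 5353 deny
any host 239.255.255.250 any deny
any host 239.255.255.253 any deny
any any udp 137 deny
any any udp 138 deny
user any udp 68 deny
user any any permit
"""

def parse_rule(line):
    # <src> <dst | host X> <any | proto dport> <action> -> (src, dst, proto, dport, action)
    tok = line.split()
    dst, rest = (tok[2], tok[3:]) if tok[1] == "host" else (tok[1], tok[2:])
    action, service = rest[-1], rest[:-1]   # service is ["any"] or ["udp", "5353"]
    dport = int(service[1]) if len(service) == 2 else None
    return (tok[0], dst, service[0], dport, action)

RULES = [parse_rule(l) for l in POLICY.strip().splitlines()]

def evaluate(rules, flow, client_ip):
    # Top-down, first match wins. "user" matches the client's own address as source.
    for src, dst, proto, dport, action in rules:
        if ((src == "any" or flow.src == client_ip)
                and (dst == "any" or flow.dst == dst)
                and (proto == "any" or (flow.proto, flow.dport) == (proto, dport))):
            return action
    return "deny"  # assumed: the session ACL ends in an implicit deny

def check_samples(client_ip="10.0.0.5"):
    # Constructed flows sent by the client (assumed address); returns {label: action}.
    samples = {
        "mdns_query":       Flow(client_ip, "224.0.0.251", "udp", 5353),
        "ssdp_msearch":     Flow(client_ip, "239.255.255.250", "udp", 1900),
        "netbios_name":     Flow(client_ip, "10.0.0.255", "udp", 137),
        "dhcp_request":     Flow(client_ip, "10.0.0.1", "udp", 67),          # client -> server
        "rogue_dhcp_offer": Flow(client_ip, "255.255.255.255", "udp", 68),   # client acting as server
        "https":            Flow(client_ip, "203.0.113.10", "tcp", 443),
    }
    return {name: evaluate(RULES, flow, client_ip) for name, flow in samples.items()}
```

Reordering the rules (for example putting the "user any any permit" line first) is the mistake this check is meant to catch: the permit would then match every flow from the client before any deny is reached.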