Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Firewall Policy

  • 1.  Firewall Policy

    Posted Jul 01, 2016 04:38 AM

    Hi all,

     

    I am probably being stupid and trying to get my head around firewall policies.  If a statement says: -

     

    user network 10.1.1.0 255.255.255.0 any permit

     

    That is referring to the destination IP isn't it?  As in, if a frame has a source of 10.1.1.1 and a destination of 10.2.2.2 then this rule will not be enacted and the policy will move onto the next rule, if the next rule is: -

     

    user any any permit

     

    This frame will then be accepted, is that correct?  Also, if a rule says: -

     

    user host 10.1.1.1 any deny

     

    This is referring to 10.1.1.1 as the source address isn't it?  So traffic to 10.1.1.1 will be allowed.  Is that correct?

     

    Thanks,

    Jamie.



  • 2.  RE: Firewall Policy

    Posted Jul 01, 2016 04:58 AM

    @papalazarou wrote:

    Hi all,

     

    I am probably being stupid and trying to get my head around firewall policies.  If a statement says: -

     

    user network 10.1.1.0 255.255.255.0 any permit

     

    That is referring to the destination IP isn't it?  As in, if a frame has a source of 10.1.1.1 and a destination of 10.2.2.2 then this rule will not be enacted and the policy will move onto the next rule, if the next rule is: -

     

    user any any permit

     

    This frame will then be accepted, is that correct?  Also, if a rule says: -

     

    user host 10.1.1.1 any deny

     

    This is referring to 10.1.1.1 as the source address isn't it?  So traffic to 10.1.1.1 will be allowed.  Is that correct?

     

    Thanks,

    Jamie.


    Hi Jamie,

     

    user host 10.1.1.1 any deny

     

    This means traffic from the user to the host address 10.1.1.1 on any port/protocol will be denied.

     

    The other assumptions were correct.

     

    Cheers

    James



  • 3.  RE: Firewall Policy

    Posted Jul 01, 2016 05:04 AM

    The term "user" in this case refers to any IP address of a user.

     

    Cheers,



  • 4.  RE: Firewall Policy

    Posted Jul 01, 2016 05:48 AM

    Thanks guys, I suddenly worked it out, and yes the first user is the source and anything after is the destination, makes sense.  Thanks for confirming.



  • 5.  RE: Firewall Policy

    EMPLOYEE
    Posted Jul 01, 2016 04:58 AM
    For your example: user network 10.1.1.0 255.255.255.0 any permit

    this is saying traffic from the user to the network 10.1.1.0/24 is permitted.
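
Added example (not part of the original thread and not Aruba code): a small Python model of the rule reading confirmed above, `<source> <destination> <service> <action>`, evaluated top-down with the first matching rule deciding. The function names, the client address 10.5.5.5, the restriction to the `any` service, and the final deny for unmatched traffic are assumptions of this example.

```python
import ipaddress

def parse_rule(line):
    """Split '<source> <destination> <service> <action>' into its fields."""
    tokens = line.split()

    def take_alias():
        kind = tokens.pop(0)
        if kind in ("user", "any"):
            return (kind, None)
        if kind == "host":
            return ("net", ipaddress.ip_network(tokens.pop(0) + "/32"))
        if kind == "network":  # address followed by a dotted netmask
            addr, mask = tokens.pop(0), tokens.pop(0)
            return ("net", ipaddress.ip_network(f"{addr}/{mask}"))
        raise ValueError(f"unsupported alias: {kind}")

    src, dst = take_alias(), take_alias()  # the first alias is always the source
    # Only the 'any' service used in the thread is modelled here.
    if len(tokens) != 2 or tokens[0] != "any" or tokens[1] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line}")
    return src, dst, tokens[1]

def alias_matches(alias, addr, user_ip):
    kind, net = alias
    if kind == "any":
        return True
    if kind == "user":  # the client the policy is applied to
        return addr == user_ip
    return addr in net

def evaluate(rules, user_ip, src, dst):
    """Return (action, 1-based rule number), or ('deny', None) if nothing matched."""
    user_ip, src, dst = (ipaddress.ip_address(a) for a in (user_ip, src, dst))
    for number, line in enumerate(rules, start=1):
        rule_src, rule_dst, action = parse_rule(line)
        if alias_matches(rule_src, src, user_ip) and alias_matches(rule_dst, dst, user_ip):
            return action, number
    return "deny", None  # assumption: unmatched traffic is dropped

# Policies built from the rules quoted in the thread.
PERMIT_POLICY = ["user network 10.1.1.0 255.255.255.0 any permit", "user any any permit"]
DENY_POLICY = ["user host 10.1.1.1 any deny", "user any any permit"]

if __name__ == "__main__":
    # Client 10.1.1.1 sending to 10.2.2.2: rule 1 is skipped, rule 2 permits.
    print(evaluate(PERMIT_POLICY, "10.1.1.1", "10.1.1.1", "10.2.2.2"))
    # Constructed client 10.5.5.5 sending to 10.1.1.1: denied by rule 1.
    print(evaluate(DENY_POLICY, "10.5.5.5", "10.5.5.5", "10.1.1.1"))
```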