Hi,
I have a setup like below. There will be some RAP units connecting from the outside to the controller.
-----private-net(vlan-2)-----Controller---Public-net---
I noticed some SSH access attempts on the public interface of the controller. I want to protect the public IP from mgmt access.
I was trying to configure a policy that allows only the RAPs to connect on the public IP, with the rest dropped. But the vlan-2 traffic should still be "ip nat inside" and go to the internet.
I am confused about the firewall policy configuration and how in, out and session work. I cannot untrust the public interface port.