Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Route ro ESI for guest and firewall policies

This thread has been viewed 0 times

  • 1.  Route ro ESI for guest and firewall policies

    Posted Mar 23, 2015 01:04 PM

    We have an interface on our controller connected into a dmz, and the Guest role simply uses a Route to ESI policy to reditect ANY traffic to our internet gateway in the dmz.  Ass this pushes ANY traffic towards the dmz, do we need any  DENY rules, as I would assume that ANY and all traffic would simply be getting pushed towards to the dmz, so in way, would be completely isolated from our internal lan.

     

    This role simply consists of allow dhcp and dns (served by a server in the dmz), the route any traffic towards an interface in the dmz, so I would assume this would then also act to protect anything not in the dmz...  is this correct??

     

     

     



  • 2.  RE: Route ro ESI for guest and firewall policies

    Posted Mar 23, 2015 02:36 PM

    Hi,

     

    Is the role having any policy to redirect the traffic to the DMZ ? if yes then you have enough policies to work.

    In these type of scenarios we need to have "logon-control" role which will allow only, DHCP, DNS,ICMP and NATT traffic along with a policy which will redirect the rest of the traffic to the DMZ.

     

    Hope got some clarity on this,

     

    Please feel free for any further queries on this.