Wireless Access

Regular Contributor II

Route to ESI for guest and firewall policies

We have an interface on our controller connected into a DMZ, and the Guest role simply uses a Route to ESI policy to redirect ANY traffic to our internet gateway in the DMZ. As this pushes ANY traffic towards the DMZ, do we need any DENY rules? I would assume that ANY and all traffic would simply be getting pushed towards the DMZ, so in a way it would be completely isolated from our internal LAN.


This role simply consists of allow DHCP and DNS (served by a server in the DMZ), then route any traffic towards an interface in the DMZ, so I would assume this would then also act to protect anything not in the DMZ... is this correct?




Valued Contributor II

Re: Route to ESI for guest and firewall policies



Does the role have any policy to redirect the traffic to the DMZ? If yes, then you have enough policies to work.

In these types of scenarios we need to have a "logon-control" role which will allow only DHCP, DNS, ICMP and NATT traffic, along with a policy which will redirect the rest of the traffic to the DMZ.


Hope you got some clarity on this.

Please feel free to ask any further queries on this.

Venu Puduchery,
[Did my post help you? Give Kudos :) ]
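
An added example, not part of the original posts and not ArubaOS syntax: a simplified first-match model of the guest role described in this thread (allow DHCP and DNS, then route everything else to the DMZ), used to check whether any permit rule matches traffic to the internal LAN before the redirect rule. The addresses, rule names and the first-match evaluation are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
INTERNAL_LAN = ipaddress.ip_network("10.0.0.0/8")
DMZ_SERVER = ipaddress.ip_address("192.0.2.10")  # DHCP/DNS server in the DMZ

def make_role(scope_dns_to_dmz):
    """Ordered rules: (name, protocol, dst_port, dst_network, action).
    None means "any". Hypothetical model of the guest role."""
    dns_dst = ipaddress.ip_network(f"{DMZ_SERVER}/32") if scope_dns_to_dmz else None
    return [
        ("allow-dhcp", "udp", 67, None, "permit"),      # DHCP requests are broadcast
        ("allow-dns", "udp", 53, dns_dst, "permit"),
        ("route-to-esi", None, None, None, "redirect-dmz"),
    ]

def evaluate(role, proto, dst_ip, dst_port):
    """Return (rule name, action) of the first rule matching the flow."""
    ip = ipaddress.ip_address(dst_ip)
    for name, r_proto, r_port, r_net, action in role:
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        if r_net is not None and ip not in r_net:
            continue
        return name, action
    return "implicit-deny", "deny"

def flows_bypassing_redirect(role, flows):
    """Flows to the internal LAN that a permit rule matches before the redirect."""
    return [f for f in flows
            if ipaddress.ip_address(f[1]) in INTERNAL_LAN
            and evaluate(role, *f)[1] == "permit"]

# Constructed sample flows: (protocol, destination IP, destination port).
FLOWS = [
    ("udp", "255.255.255.255", 67),  # DHCP discover
    ("udp", "192.0.2.10", 53),       # DNS to the DMZ server
    ("udp", "10.1.1.5", 53),         # DNS to an internal host
    ("tcp", "10.1.1.5", 445),        # SMB to an internal host
    ("tcp", "203.0.113.7", 443),     # internet-bound HTTPS
]

if __name__ == "__main__":
    for scoped in (False, True):
        role = make_role(scoped)
        print("DNS rule scoped to DMZ server:", scoped)
        for flow in FLOWS:
            print("  ", flow, "->", evaluate(role, *flow))
        print("  bypassing redirect:", flows_bypassing_redirect(role, FLOWS))
```

In this model the redirect rule catches everything that reaches it, so the only flows worth auditing are those matched by the permit rules placed above it.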