Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Using Aruba as edge firewall

  • 1.  Using Aruba as edge firewall

    Posted Mar 20, 2013 12:43 PM

    In a small office we have a 650 we want to use as the edge firewall, in addition to its role as wireless controller.  Is there a preset AAA profile that should be applied to the untrusted uplink interface to protect it from all the evils of the internet? Or will there only be a need for an AAA policy if there are incoming traffic needs such as a web server, etc.?

     

    Thanks



  • 2.  RE: Using Aruba as edge firewall

    Posted Mar 20, 2013 02:10 PM

    (MAKE SURE YOU HAVE PEF/PEFNG INSTALLED)

     

    Yes, you can apply firewall policies to the network interfaces (physical or VLAN). You can do this in the GUI at the Configuration/Network/Ports menu.

    Create your firewall policies first and simply apply them to the interface and it should do the job.


    **IF YOU JUST WANT TO ENABLE THE FIREWALL ON A PORT/VLAN - JUST ADD AN ACL PROFILE TO YOUR VLAN/PORT**

    You can if you are using different VLANs for each tunnel. You can apply the AAA profile right on the VLAN itself.



  • 3.  RE: Using Aruba as edge firewall

    Posted Mar 20, 2013 02:13 PM

    Thanks kdisc98,

    I was wondering specifically if there is a firewall policy that is kind of the default policy for this type of usage.  I did not see any firewall policy like default-inbound-firewall. Is there something I should put specifically on this that covers the most common use cases?  I just don't want to reinvent the wheel with creating this policy if one is already in circulation.

     

    thanks

    Matt



  • 4.  RE: Using Aruba as edge firewall

    Posted Mar 20, 2013 02:17 PM
    • It depends on which services you would like to block.
    • Build/configure/customize your own.

     



  • 5.  RE: Using Aruba as edge firewall

    Posted Mar 20, 2013 02:27 PM

    So there is no good starting point for this; it is just from scratch.  Do I need to explicitly deny all incoming traffic or does the Untrusted port do that by default?



  • 6.  RE: Using Aruba as edge firewall

    Posted Mar 20, 2013 02:34 PM
    • Just add a firewall policy to your WAN port and leave it trusted.
    • Untrusted ports are usually used to auth wired users; an untrusted port will do it by default. (BLOCK EVERYTHING - ALL KINDS OF TRAFFIC EXCEPT WHAT YOU WILL ALLOW IN THE ACCESS ROLE THAT )