Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

is there a way to see the firewall policy alias?

  • 1.  is there a way to see the firewall policy alias?

    Posted Feb 26, 2015 07:28 PM

    I am trying to understand the system I inherited. The policies make intuitive sense, but most of them use aliases that sound legitimate, and I can't find any way to actually see what they are. For example, the attached graphic shows that my captive portal people can use HTTPS to get to some address or range called "mswitch", but I can't figure out where it tells me exactly what "mswitch" is.

    Can anyone point me where to look?

    Mark

     

    Capture.PNG



  • 2.  RE: is there a way to see the firewall policy alias?

    EMPLOYEE
    Posted Feb 26, 2015 07:30 PM

    Some of these are system generated and shouldn't be modified.

    You can view the contents of the system-generated aliases at the CLI by running:

    show netdestination mswitch



  • 3.  RE: is there a way to see the firewall policy alias?

    Posted Feb 26, 2015 07:55 PM

    Thanks Tim, that solved it.

    That does bring up a difficult point for me though. The way I read that policy is that port 80 and 443 are port-nat'ed (is that the right way to say that?) to 8080 and 8081.

    My problem is that I don't have a rule in my FortiGate firewall that allows ports 8080 and 8081 out onto the internet, so theoretically anyone using the guest policy should not be able to surf the internet.

    Obviously I still have more learning to do!

    Mark



  • 4.  RE: is there a way to see the firewall policy alias?
    Best Answer

    EMPLOYEE
    Posted Feb 26, 2015 07:57 PM

    Yes, this happens at the controller which allows the captive-portal redirect. You do not need to change any ports in your firewall. It is destination NATing the traffic internally inside the controller.



  • 5.  RE: is there a way to see the firewall policy alias?
    Best Answer

    Posted Feb 26, 2015 11:14 PM

    You can run #show netdestination ipv4 to check all your IPv4 aliases.

    Or you can check from the GUI.

    aliases.jpg



  • 6.  RE: is there a way to see the firewall policy alias?

    Posted Feb 27, 2015 01:40 PM

    Thank you both!

    1) I had no idea how to use the CLI to see those things.

    2) I didn't even realize the stateful firewall was in use and had never looked at the GUI for it... lol. I had assumed since I have a FortiGate firewall the firewall built into the Aruba controller was not enabled. Obviously that is not accurate... more reading!

    Thanks again.