Filter
Top Products
299 | Rolesand Policies DellPowerConnectW-SeriesArubaOS6.2 | User Guide
Field Description
Mirror (optional) Mirrors session packets to datapath or remote destination.
Queue (optional) The queue in which a packet matching this rule should be placed.
Select High for higher priority data, such as voice, and Low for lower priority traffic.
Time Range
(optional)
Time range for which this rule is applicable.
Configure time ranges on the Configuration > Security > Access Control > Time Ranges page.
Pause ARM
Scanning
(optional)
Pause ARM scanning while traffic is present. Note that you must enable “VoIP Aware Scanning” in
the ARM profile for this feature to work.
Black List
(optional)
Automatically blacklists a client that is the source or destination of traffic matching this rule. This
option is recommended for rules that indicate a security breach where the blacklisting option can
be used to prevent access to clients that are attempting to breach the security.
White List
(optional)
A rule must explicitly permit a traffic session before it is forwarded to the controller. The last rule in
the white list denies everything else.
Configure white list ACLs on the Configuration > Advanced Services> Stateful Firewall> White List
(ACL) page.
TOS (optional) Value of type of service (TOS) bits to be marked in the IP header of a packet matching this rule
when it leaves the controller.
802.1p Priority
(optional)
Value of 802.1p priority bits to be marked in the frame of a packet matching this rule when it leaves
the controller.
The following example creates a policy ‘web-only’ that allows web (HTTP and HTTPS) access.
In the WebUI
1. Navigate to the Configuration > Security > Access Control > Policies page on the WebUI.
2. To configure a firewall policy, select the policy type from the Policies title bar. You can select All, IPv4 Session,
IPv6 Session, Ethernet, MAC, Standard or Extended.
3. Click Add to create a new policy.
4. If you selected All in Step 2, then select the type of policy you are adding from the Policy Type drop-down menu.
5. Click Add to add a rule that allows HTTP traffic.
a. Under Service, select service from the drop-down list.
b. Select svc-http from the scrolling list.
c. Click Add.
6. Click Add to add a rule that allows HTTPS traffic.
a. Under Service, select service from the drop-down list.
b. Select svc-https from the scrolling list.
c. Click Add.
NOTE: Rules can be re-ordered by using the up and down buttons provided for each rule.
7. Click Apply to apply this configuration. The policy is not created until the configuration is applied.
In the CLI
(host)(config) #ip access-list session web-only