Home > GUI > Configuration > IP Firewall Policies
|
IP Firewall Policies
View, add, sort, select, modify, and delete IP (Internet protocol) firewall policies.
Navigate using the tab icons. Hover over an icon to see the name of the tab.
Configure > Common Objects > Security > IP Firewall Policies > policy_name
An IP firewall policy supports APs and wired clients connected to SR2024, SR2024P, SR2124P, and SR2148P Extreme Networks SR-Series switches. By extending IP firewall support to the switches, Extreme Networks enables you to define an IP firewall policy that is independent of wireless or wired access to your network. APs support a maximum of 64 policy rules and switches support a maximum of 20 rules. See IP Firewall Policies, IP Firewall Policy Rules, IP Firewall Rule Services, and User Profile Security Settings.
To create an IP firewall policy for switches and APs, first create an IP policy profile, add policy rules to the profile, bind the user profile to access port types, and push the updated configuration to your devices.
Note
IP firewall policies are supported on Extreme Networks switches functioning as switches and APs functioning as APs. Branch routers, switches functioning as routers, and APs functioning as routers support network firewalls.An IP Firewall policy profile is a container to which you add rules that the device applies to traffic based on the source and destination IP addresses and the service type.
Navigate to Configure > Common Objects > Security > IP Firewall Policies. Select 
. In the New IP Firewall Profile dialog box, enter the following information, add policy rules (see IP Firewall Policy Rules, and then select Save.
Name: Enter a name for the IP Firewall policy. The name can be up to 32 characters long and cannot have any spaces.
Description: Enter an optional description for this policy, for example "Sales access to Midas servers". The description can contain up to 128 characters, including spaces.
Add rules to your policy. For informaion, see IP Firewall Policy Rules.
When you are done, select Save.
You can redirect a user device to an external web site. You can add a single IP Firewall rule at a time, or add a fixed set of IP Firewall rules that by default include basic network services such as DHCP and DNS. For more information, see IP Firewall Policies, and in the network policy workflow, User Profile Security Settings.
To modify an IP firewall policy profile, select the check box next to the profile name, and then select 
. You can modify the profile description, but not the profile name. You can also add, delete, or modify policy rules.
You can dd a new profile by cloning an existing object or profile and then renaming it. Select the check box for the object or profile that you want to clone and then select 
. In the dialog box, enter the new name, and then select Clone.
You can remove a single IP firewall policy profile or multiple profiles at the same time.
Note
You cannot remove a profile if a network policy currently references it. You must first edit the network policy so that it does not reference the profile that you want to remove.To remove a single profile, select the check box for that profile, and then select 
and confirm or cancel the deletion.
To remove multiple profiles, select the check boxes for the profiles that you want to remove by either one of the following multiselection methods shift-selecting multiple contiguous profiles or selecting the check boxes for multiple non-contiguous profiles. You can use these methods in combination. For example, you can shift-select several contiguous profiles, and then select check boxes of non-contiguous profiles. Then select and confirm or cancel the deletion.
Copyright © 2020 Extreme Networks. All rights reserved. Published March 2020.