Add Client Role Firewall Rules
A firewall is a mechanism that enforces access control, and is considered a first line of defense in protecting proprietary information within the network. The means by which this is accomplished varies, but in principle, a firewall can be thought of as a set of mechanisms that both block and permit data traffic based on inbound and outbound IP and MAC rules.
IP-based firewall rules are specific to source and destination IP addresses and the unique rules and precedence orders assigned. Both IP and non-IP traffic on the same Layer 2 interface can be filtered by applying both an IP ACL and a MAC ACL.
Additionally, administrators can filter Layer 2 traffic on a physical Layer 2 interface using MAC addresses. A MAC firewall rule uses source and destination MAC addresses for matching operations, where the result is a typical allow, deny, or mark designation for packet traffic.
To apply firewall rules to a wireless client role:
- Select the Firewall Rules tab to set firewall rules for IP, IPv6, and MAC traffic originating from clients associated with this role.
  Wireless Client Roles - Add/Edit - Roles - Firewall Rules Tab
- Set the Vlan ID (from 1 - 4094) for the virtual LAN used by clients matching the IP or MAC inbound and outbound rules of this policy.
- Use the Application Policy drop-down menu to select the appropriate Application policy to use with this firewall rule.
  An application policy defines the rules or actions executed on recognized HTTP (e.g., Facebook), enterprise (e.g., Webex), and peer-to-peer (e.g., gaming) applications or application-categories traffic.
  Legacy WiNG devices use a third-party DPI engine to detect top-level hosting applications along with the services these applications host, whereas WiNG AP5xx model APs running WiNG 7.1.2 and later versions of the WiNG 7 OS use the Purview™ libDPI engine to enforce AVC.
  For legacy 802.11ac APs, specify an Application policy to enforce AVC. For more information, see Create an Application Policy and Create an Application Group.
  For 802.11ax AP5xx APs running WiNG 7.1.2 and later versions of the WiNG 7 OS, specify a Purview application policy to enforce AVC. For more information, refer to the WiNG 7.2.1 CLI reference guide.
- Specify an IPv6 Inbound or IPv6 Outbound firewall rule by selecting a rule from the drop-down menu, and use the spinner control to assign the rule Precedence.
  Rules with lower precedence are always applied first to packets. Select the + Add Row button or Delete icon as needed to add or remove IPv6 firewall rules. If no IPv6 Inbound or Outbound firewall ACL exists, create the IPv6 firewall ACL and use it here.
- Specify an IP Inbound or IP Outbound firewall rule by selecting a rule from the drop-down menu, and use the spinner control to assign the rule Precedence.
  Rules with lower precedence are always applied first to packets. Select the + Add Row button or Delete icon as needed to add or remove IP firewall rules. If no IP Inbound or Outbound firewall ACL exists, create the IP firewall ACL and use it here.
- Specify a MAC Inbound or MAC Outbound firewall rule by selecting a rule from the drop-down menu, and use the spinner control to assign the rule Precedence.
  Rules with lower precedence are always applied first to packets. Select the + Add Row button or Delete icon as needed to add or remove MAC firewall rules. If no MAC Inbound or Outbound firewall ACL exists, create the MAC firewall ACL and use it here.
- Select OK to save the Firewall Rules updates. Select Reset to revert to the last saved configuration.
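
Because rules with lower precedence are applied first, a broad rule at a low precedence value can hide a narrower rule placed after it. The following added example (not WiNG code and not taken from the product documentation) models IP rules with a precedence value and reports rules that can never match. The `Rule` class, the function names, the sample addresses, the assumption that the first matching rule decides the outcome, and the default action are all assumptions made for illustration.

```python
# Added illustration: the rule model, first-match behaviour and default action
# are assumptions for this example, not the WiNG implementation.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    precedence: int   # lower value is applied first, as the page states
    action: str       # "allow" or "deny" in this example
    src: str          # source network in CIDR form
    dst: str          # destination network in CIDR form

def ordered(rules):
    """Return the rules in the order they are applied to a packet."""
    return sorted(rules, key=lambda r: r.precedence)

def evaluate(rules, src, dst, default="deny"):
    """Return (action, precedence) of the first rule matching the packet."""
    for r in ordered(rules):
        if ip_address(src) in ip_network(r.src) and ip_address(dst) in ip_network(r.dst):
            return r.action, r.precedence
    return default, None  # assumed default when nothing matches

def shadowed(rules):
    """Return (hidden_precedence, hiding_precedence) for rules fully covered
    by a rule that is applied earlier, so they can never match."""
    found, seq = [], ordered(rules)
    for i, later in enumerate(seq):
        for earlier in seq[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src)) and
                    ip_network(later.dst).subnet_of(ip_network(earlier.dst))):
                found.append((later.precedence, earlier.precedence))
                break
    return found

# Constructed sample ACL: the deny at precedence 20 is hidden by the allow at 10.
SAMPLE = [
    Rule(20, "deny", "10.1.5.0/24", "192.168.50.10/32"),
    Rule(10, "allow", "10.1.0.0/16", "192.168.50.0/24"),
    Rule(30, "deny", "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, "10.1.5.7", "192.168.50.10"))
    print(shadowed(SAMPLE))
```

Running a check like this over an exported rule list before assigning precedence values helps confirm that a specific deny sits at a lower precedence than any broader allow covering the same traffic.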