Add Client Role Firewall Rules

A firewall is a mechanism for enforcing access control, and is considered a first line of defense in protecting proprietary information within the network. The means by which this is accomplished varies, but in principle, a firewall can be thought of as a set of mechanisms that block or permit data traffic based on inbound and outbound IP and MAC rules.

IP-based firewall rules are specific to source and destination IP addresses and the unique rules and precedence orders assigned. Both IP and non-IP traffic on the same Layer 2 interface can be filtered by applying both an IP ACL and a MAC ACL.

Additionally, administrators can filter Layer 2 traffic on a physical Layer 2 interface using MAC addresses. A MAC firewall rule uses source and destination MAC addresses for matching operations, where the result is a typical allow, deny, or mark designation to packet traffic.

To apply firewall rules to a wireless client role:

  1. Select the Firewall Rules tab to set the default Inbound and Outbound IP and MAC firewall rules.
    Wireless Client Roles - Add/Edit - Roles - Firewall Rules Tab
  2. Set the VLAN ID (from 1 to 4094) for the virtual LAN used by clients matching the IP or MAC inbound and outbound rules of this policy.
  3. Use the drop-down to select the appropriate Application Policy to use with this firewall rule.
    An application policy defines the rules or actions executed on recognized HTTP (Facebook), enterprise (Webex), and peer-to-peer (gaming) applications or application-categories (layer-7 traffic).
    Note

    The WiNG 7.1.X release does not support a third-party DPI engine on the AP5XX model access points. WiNG 7.1.2 supports the ExtremeAnalytics for ExtremeCloud IQ - Site Engine (Purview™) DPI engine on the WiNG 7.1.X APs. For more information, refer to the WiNG 7.1.2 CLI Reference guide, available at https://extremenetworks.com/documentation.
  4. Specify an IPv6 Inbound or IPv6 Outbound firewall rule by selecting a rule from the drop-down menu and use the spinner control to assign the rule Precedence.
    Rules with a lower precedence value are always applied first to packets. Select the + Add Row button or Delete icon as needed to add or remove IPv6 firewall rules. If no IPv6 Inbound or Outbound firewall ACL exists, create the IPv6 firewall ACL and use it here.
  5. Specify an IP Inbound or IP Outbound firewall rule by selecting a rule from the drop-down menu and use the spinner control to assign the rule Precedence.
    Rules with a lower precedence value are always applied first to packets. Select the + Add Row button or Delete icon as needed to add or remove IP firewall rules. If no IP Inbound or Outbound firewall ACL exists, create the IP firewall ACL and use it here.
  6. Specify a MAC Inbound or MAC Outbound firewall rule by selecting a rule from the drop-down menu and use the spinner control to assign the rule Precedence.
    Rules with a lower precedence value are always applied first to packets. Select the + Add Row button or Delete icon as needed to add or remove MAC firewall rules. If no MAC Inbound or Outbound firewall ACL exists, create the MAC firewall ACL and use it here.
  7. Select OK to save the Firewall Rules updates.
    Select Reset to revert to the last saved configuration.
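
The precedence behavior described in steps 4 through 6, as an added example (not taken from the WiNG documentation or software): a Python model that evaluates IP rules in precedence order and flags any rule that can never match because a rule with a lower precedence value already covers it. It assumes the first matching rule decides the packet and that unmatched traffic is denied; the Rule class, the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    precedence: int  # lower value is applied first
    action: str      # "allow", "deny" or "mark"
    src: str         # source network, CIDR notation
    dst: str         # destination network, CIDR notation

def ordered(rules):
    return sorted(rules, key=lambda r: r.precedence)

def covers(outer, inner):
    o, i = ipaddress.ip_network(outer), ipaddress.ip_network(inner)
    return o.version == i.version and i.subnet_of(o)

def evaluate(rules, src_ip, dst_ip, default="deny"):
    # Assumption: first match wins; `default` applies when nothing matches.
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in ordered(rules):
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action
    return default

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where rule can never be reached."""
    seq, out = ordered(rules), []
    for idx, r in enumerate(seq):
        for earlier in seq[:idx]:
            if covers(earlier.src, r.src) and covers(earlier.dst, r.dst):
                out.append((r, earlier))
                break
    return out

# Constructed sample: the broad allow sits ahead of the specific deny.
MISORDERED = [
    Rule(10, "allow", "10.20.0.0/16", "0.0.0.0/0"),
    Rule(20, "deny", "10.20.0.0/16", "10.1.5.0/24"),
]
# Same two rules with the specific deny given the lower precedence value.
CORRECTED = [
    Rule(10, "deny", "10.20.0.0/16", "10.1.5.0/24"),
    Rule(20, "allow", "10.20.0.0/16", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(name, evaluate(rules, "10.20.3.4", "10.1.5.9"),
              [(r.precedence, e.precedence) for r, e in shadowed(rules)])
```

Running the same check over a role's exported rule list before selecting OK shows whether a deny intended for a protected subnet is unreachable at its current precedence.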