Use this task to create IP firewall policy rules that determine how the device
manages traffic based on network or application services, and source and destination
IP addresses.
- Select the add icon.
- Select one or more network or application services.
  Network Service objects identify Layer 4 traffic by protocol and port number. Extreme Networks provides a number of predefined services. Select the add icon to create a new network service. For more information, see Add a Network Service Object.
  - Choose either Network Services or Application Services. You cannot select both.
  - Select up to 100 items.
  - Select Add Service.
- Select a source IP address, host name, network, or Any from the drop-down list, or select New to add a new IP address, host name, or network.
- Select a destination IP address, host name, network, or Any from the drop-down list, or select New to add a new IP address, host name, or network.
- Select the action the device performs when it receives traffic matching the source address, destination address, and service.
  The firewall can perform the following actions:
  - Permit: Allows traffic to traverse the firewall.
  - Deny: Blocks traffic from traversing the firewall.
  - Drop traffic between stations: Drops traffic between stations if both stations are associated with one or more members of the same hive. This setting applies to unicast, broadcast, and multicast traffic that the device receives on an interface in access mode.
  - NAT: Translates the source IP address of a packet permitted to traverse the firewall to that of the mgt0 interface on the device.
- Choose one of the following logging options from the drop-down list:
  - Off: Disables logging for packets and sessions that match the IP firewall policy rule.
  - Session Initiation: Logs details about a session created after passing an IP firewall policy lookup.
  - Session Termination: Logs details when a session matching an IP firewall policy terminates.
  - Both: Logs details at both session initiation and session termination.
- Select Save.
As you continue to add rules to a policy, each subsequent rule is positioned at the
bottom of the list. Use the up and down arrows in the rules table to rearrange the
position of rules to determine their application order.
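Because a new rule lands at the bottom of the list, it can sit below a broader rule that already matches the same traffic. The following added example (not Extreme Networks code, and not an ExtremeCloud IQ export format) models rules with the fields from this task and flags later rules that an earlier rule fully covers. It assumes top-to-bottom, first-match evaluation, IPv4 addresses only, and a hypothetical `Rule` structure with constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "Any"

@dataclass(frozen=True)
class Rule:                 # hypothetical model of one policy rule
    name: str
    service: str            # e.g. "tcp/3306", or "Any"
    source: str             # host IP, CIDR network, or "Any"
    destination: str
    action: str             # "Permit", "Deny", "NAT", ...

def _net(value):
    """Turn a rule address field into a network; 'Any' becomes 0.0.0.0/0."""
    return ip_network("0.0.0.0/0") if value == ANY else ip_network(value, strict=False)

def covers(broad, narrow):
    """True if every packet that matches `narrow` also matches `broad`."""
    service_ok = broad.service == ANY or broad.service == narrow.service
    return (service_ok
            and _net(narrow.source).subnet_of(_net(broad.source))
            and _net(narrow.destination).subnet_of(_net(broad.destination)))

def first_match(rules, service, src, dst):
    """Return the first rule, top to bottom, matching the packet (assumed semantics)."""
    for rule in rules:
        if (rule.service in (ANY, service)
                and ip_address(src) in _net(rule.source)
                and ip_address(dst) in _net(rule.destination)):
            return rule
    return None

def shadowed(rules):
    """Return (later_rule, earlier_rule) name pairs where the later rule can never match."""
    pairs = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if covers(earlier, later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample policy: the deny rule was added last, so it sits at the bottom.
POLICY = [
    Rule("permit-lan-out", "Any", "10.1.0.0/16", "Any", "Permit"),
    Rule("deny-guest-to-db", "tcp/3306", "10.1.50.0/24", "10.9.0.10", "Deny"),
]
# The same rules after moving the deny rule up in the rules table.
REORDERED = [POLICY[1], POLICY[0]]
```

Running `shadowed()` over a policy before saving shows which rules need to be moved above a broader rule to take effect.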