Add IP Firewall Policy Rules

About this task

Use this task to create IP firewall policy rules that determine how the device manages traffic based on network or application services, and source and destination IP addresses.

Procedure

  1. Select the add icon.
  2. Select one or more network or application services.

    Network Service objects identify Layer 4 traffic by protocol and port number. Extreme Networks provides a number of predefined services. Select the add icon to create a new network service. For more information, see Add a Network Service Object.

    1. Choose either Network Services or Application Services.
      You cannot select both.
    2. Select up to 100 items.
    3. Select Add Service.
  3. Select a source IP address, host name, network, or Any from the drop-down list, or select New to add a new IP address, host name, or network.
  4. Select a destination IP address, host name, network, or Any from the drop-down list, or select New to add a new IP address, host name, or network.
  5. Select the action the device performs when it receives traffic that matches the combination of source address, destination address, and service.
    The firewall can perform the following actions:
    • Permit: Allows traffic to traverse the firewall.
    • Deny: Blocks traffic from traversing the firewall.
    • Drop traffic between stations: Drops traffic between stations if both stations are associated with one or more members of the same hive. This setting applies to unicast, broadcast, and multicast traffic that the device receives on an interface in access mode.
    • NAT: Translates the source IP address of a packet permitted to traverse the firewall to that of the mgt0 interface on the device.
  6. Choose one of the following logging options from the drop-down list:
    • Off: Disables logging for packets and sessions that match the IP firewall policy rule.
    • Session Initiation: Logs details about a session created after passing an IP firewall policy lookup.
    • Session Termination: Logs details when a session that matched an IP firewall policy rule terminates.
    • Both: Logs details at both session initiation and session termination.
  7. Select Save.

What to do next

As you continue to add rules to a policy, each subsequent rule is positioned at the bottom of the list. Use the up and down arrows in the rules table to rearrange the rules and set the order in which they are applied.
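
Why rule position matters, as an added example that is not part of the original documentation or the product's own code: a rule appended at the bottom can be fully covered by a broader rule above it and never take effect. The sketch assumes top-down, first-match evaluation; the rule names, addresses, and service labels are constructed.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    name: str
    service: str   # constructed service label, or "Any"
    src: str       # CIDR network, or "Any"
    dst: str       # CIDR network, or "Any"
    action: str    # "Permit", "Deny", ...

def _net(value):
    return ipaddress.ip_network("0.0.0.0/0" if value == ANY else value, strict=False)

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    service_ok = earlier.service in (ANY, later.service)
    return (service_ok and _net(later.src).subnet_of(_net(earlier.src))
            and _net(later.dst).subnet_of(_net(earlier.dst)))

def first_match(rules, service, src_ip, dst_ip):
    """Assumed top-down, first-match evaluation: return the first matching rule."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (rule.service in (ANY, service)
                and src in _net(rule.src) and dst in _net(rule.dst)):
            return rule
    return None

def shadowed(rules):
    """List (later, earlier) name pairs where the later rule can never be reached."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample policy: the Deny rule was added last, so it sits at the bottom.
POLICY = [
    Rule("permit-guest-web", "HTTPS", "10.10.0.0/16", ANY, "Permit"),
    Rule("permit-dns", "DNS", ANY, "10.0.0.53/32", "Permit"),
    Rule("deny-guest-to-servers", "HTTPS", "10.10.20.0/24", "10.0.5.0/24", "Deny"),
]
REORDERED = [POLICY[2], POLICY[0], POLICY[1]]  # Deny moved to the top of the list
```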