

Configuring Firewall Policies

A firewall policy identifies specific characteristics about a data packet passing through the Aruba controller and takes some action based on that identification. In an Aruba controller, that action can be a firewall-type action such as permitting or denying the packet, an administrative action such as logging the packet, or a quality of service (QoS) action such as setting 802.1p bits or placing the packet into a priority queue. You can apply firewall policies to user roles to give differential treatment to different users on the same network, or to physical ports to apply the same policy to all traffic through the port.

Firewall policies differ from access control lists (ACLs) in the following ways:

Firewall policies are stateful, meaning that they recognize flows in a network and keep track of the state of sessions. For example, if a firewall policy permits telnet traffic from a client, the policy also recognizes that inbound traffic associated with that session should be allowed.

Firewall policies are bi-directional, meaning that they keep track of data connections traveling into or out of the network. ACLs are normally applied to either traffic inbound to an interface or outbound from an interface.

Firewall policies are dynamic, meaning that address information in the policy rules can change as the policies are applied to users. For example, the alias user in a policy automatically applies to the IP address assigned to a particular user. ACLs typically require static IP addresses in the rule.

You can apply IPv4 and IPv6 firewall policies to the same user role.
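The stateful and dynamic behavior described above can be seen in a small model. This is an added example, not ArubaOS code or configuration: the names Packet, Rule, acl_check and SessionFirewall are hypothetical, the addresses are constructed, and rule matching is simplified to first match on address, protocol and destination port.

```python
from collections import namedtuple

# A rule's src/dst is a literal IP, "any", or the alias "user".
Packet = namedtuple("Packet", "src dst proto sport dport")
Rule = namedtuple("Rule", "src dst proto dport action")

def addr_match(spec, addr, user_ip):
    if spec == "any":
        return True
    if spec == "user":  # alias: resolved to the user's current IP, if known
        return user_ip is not None and addr == user_ip
    return addr == spec

def first_match(rules, pkt, user_ip):
    for r in rules:
        if (addr_match(r.src, pkt.src, user_ip) and addr_match(r.dst, pkt.dst, user_ip)
                and r.proto == pkt.proto and r.dport == pkt.dport):
            return r.action
    return "deny"  # implicit deny when nothing matches

def acl_check(rules, pkt):
    """Stateless ACL: static addresses, every packet judged on its own."""
    return first_match(rules, pkt, None)

class SessionFirewall:
    """Stateful policy bound to one user: tracks sessions, resolves "user"."""
    def __init__(self, rules, user_ip):
        self.rules = rules
        self.user_ip = user_ip  # address currently assigned to this user
        self.sessions = set()

    def check(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.sessions or rev in self.sessions:
            return "permit"  # packet belongs to a session already allowed
        action = first_match(self.rules, pkt, self.user_ip)
        if action == "permit":
            self.sessions.add(fwd)  # remember the flow so replies are allowed
        return action

# Constructed sample traffic (documentation address ranges, hypothetical hosts).
TELNET_RULE = Rule("user", "any", "tcp", 23, "permit")
OUT = Packet("198.51.100.50", "192.0.2.10", "tcp", 40000, 23)
REPLY = Packet("192.0.2.10", "198.51.100.50", "tcp", 23, 40000)
```

With the single rule TELNET_RULE, SessionFirewall permits REPLY only after OUT has opened the session, while acl_check needs a static source address and still rejects the reply unless a second rule is written for the return direction.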
