Specifications
OmniAccess Reference: AOS-W System Reference
64 Part 031652-00 May 2005
To edit or delete existing policies, click the appropriate button. Note that some
policies are system policies and cannot be deleted. The Policy Usage column
will display which user roles currently have a policy applied – if a policy is in
use, it cannot be deleted. To delete a policy that is in use, first edit the user role
and delete the policy, then return to the policies screen to delete it.
To add a new policy, click the Add button. The “Add New Policy” screen
appears, as shown in the figure below. Supply a descriptive name for the new
policy, and click Add under Rules to begin adding rules.
FIGURE 5-4 Add New Policy
Source/Destination
Identical parameters are available for both source and destination selection.
Traffic policies are bi-directional, and will match traffic in either direction. A
packet will match a particular rule in the traffic policy only if the rule is matched
exactly, meaning that source address, destination address, and service all
match. However, traffic policies are stateful. For example, when a wireless
user generates a DNS request to a DNS server, the traffic policy will
automatically create a session entry for the response so that the response will
be permitted. Because traffic policies are stateful, it is not necessary to
configure separate rules for inbound and outbound traffic. All packets that
match an identified flow will receive the same treatment by the traffic policy.
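A simplified model of the matching behaviour described above, added here as an illustration; it is not AOS-W code. The class and field names, the sample addresses, and the deny result for unmatched traffic are assumptions, and the "user" alias it substitutes is described in the list that follows.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport")
# source/destination: "any", "user" or a host IP; service: (protocol, dst port)
Rule = namedtuple("Rule", "source destination service action")

class TrafficPolicy:
    def __init__(self, rules, user_ip):
        self.rules = rules
        self.user_ip = user_ip   # replaces the "user" alias when applied at login
        self.sessions = {}       # flow 5-tuple -> action

    def _addr_ok(self, selector, addr):
        if selector == "any":
            return True
        if selector == "user":
            selector = self.user_ip
        return ipaddress.ip_address(selector) == ipaddress.ip_address(addr)

    def evaluate(self, p):
        if p in self.sessions:   # packet belongs to an identified flow
            return self.sessions[p]
        for r in self.rules:
            # Exact match: source, destination and service must all match.
            if (self._addr_ok(r.source, p.src) and self._addr_ok(r.destination, p.dst)
                    and r.service == (p.proto, p.dport)):
                # Session entries for both directions, so the reply is permitted
                reply = Packet(p.dst, p.src, p.proto, p.dport, p.sport)
                self.sessions[p] = self.sessions[reply] = r.action
                return r.action
        return "deny"            # assumption: unmatched traffic is dropped

# Constructed sample data: one generic rule, customized per user at login
DNS = "10.1.1.53"
RULES = [Rule("user", DNS, ("udp", 53), "permit")]

def demo():
    alice = TrafficPolicy(RULES, user_ip="10.2.0.25")
    return [
        alice.evaluate(Packet(DNS, "10.2.0.25", "udp", 53, 40000)),  # unsolicited
        alice.evaluate(Packet("10.2.0.25", DNS, "udp", 40000, 53)),  # DNS request
        alice.evaluate(Packet(DNS, "10.2.0.25", "udp", 53, 40000)),  # DNS response
        alice.evaluate(Packet("10.2.0.99", DNS, "udp", 40001, 53)),  # not this user
    ]

if __name__ == "__main__":
    print(demo())
```

The first and third packets are identical; only the third is permitted, because the request between them created the session entry.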
Five choices exist for both source and destination.
Any – Alias that represents any IP address.
User – Alias that represents the user’s IP address. When a traffic policy
containing the “user” alias is applied to an authenticated user, this alias is
replaced by the IP address assigned to that user. With this alias, generic traffic
policies can be configured that will automatically be customized at the time of
user login.
Host – A single IP address.