178 | Roles and Policies Aruba Instant 6.4.0.2-4.1 | User Guide
• Configuring Web Policy Enforcement on page 250
Configuring Access Rules for Network Services
This section describes the procedure for configuring ACLs to control access to network services. For information on:
• Configuring access rules based on application and application categories, see Configuring Access Rules for Application and Application Categories on page 247.
• Configuring access rules based on web categories and web reputation, see Configuring Web Policy Enforcement on page 250.
In the Instant UI
To configure ACL rules for a user role:
1. Navigate to Security > Roles tab. The Roles tab contents are displayed.
   You can also configure access rules for a wired or wireless client through the WLAN wizard (Network tab > WLAN SSID > Edit > Edit WLAN > Access) or the Wired profile (More > Wired > Edit > Edit Wired Network > Access) window.
2. Select the role for which you want to configure access rules.
3. In the Access rules section, click New to add a new rule. The New Rule window is displayed.
4. Ensure that the rule type is set to Access Control.
5. To configure a rule to control access to network services, select Network under service category and specify the following parameters:
Service Category: Network
Description: Select a service from the list of available services. You can allow or deny access to any or all of the following services based on your requirement:
  • any—Access is allowed or denied to all services.
  • custom—Available options are TCP, UDP, and Other. If you select the TCP or UDP options, enter appropriate port numbers. If you select the Other option, enter the appropriate ID.
  NOTE: If TCP and UDP use the same port, ensure that you configure separate access rules to permit or deny access.

Service Category: Action
Description: Select any of the following actions:
  • Select Allow to allow access to users based on the access rule.
  • Select Deny to deny access to users based on the access rule.
  • Select Destination-NAT to allow changes to destination IP address.
  • Select Source-NAT to allow changes to the source IP address.
  The destination-nat and source-nat actions apply only to the network services rules.

Service Category: Destination
Description: Select a destination option for the access rules for network services, applications, and application categories. You can allow or deny access to any of the following destinations based on your requirements.
  • to all destinations—Access is allowed or denied to all destinations.
  • to a particular server—Access is allowed or denied to a particular server. After selecting this option, specify the IP address of the destination server.
  • except to a particular server—Access is allowed or denied to servers other than the specified server. After selecting this option, specify the IP address of the destination server.
  • to a network—Access is allowed or denied to a network. After selecting this option, specify

Table 35: Access Rule Configuration Parameters
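
The NOTE about TCP and UDP sharing a port is easy to miss when reviewing a role's rules. The following is an added example, not part of the Aruba guide: it models network-service rules with hypothetical field names, implements the destination options listed in the table, and flags rules that cover only one protocol on a port. The watch-list of dual-protocol ports and the CIDR form used for the network option are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical model of one network-service access rule; field names are
# assumptions for this example, not Aruba Instant identifiers.
@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp" or "udp" (the custom service options)
    port: int
    action: str     # "allow" or "deny"
    dest_kind: str  # "all", "server", "except-server" or "network"
    dest: str = ""  # IP address or CIDR (assumed form); unused for "all"

def dest_matches(rule, ip):
    """Apply the four destination options from the parameter table."""
    addr = ipaddress.ip_address(ip)
    if rule.dest_kind == "all":
        return True
    if rule.dest_kind == "server":
        return addr == ipaddress.ip_address(rule.dest)
    if rule.dest_kind == "except-server":
        return addr != ipaddress.ip_address(rule.dest)
    if rule.dest_kind == "network":
        return addr in ipaddress.ip_network(rule.dest)
    raise ValueError(f"unknown destination option: {rule.dest_kind}")

# Ports that commonly carry one service over both TCP and UDP (assumed watch-list).
DUAL_PORTS = {53: "dns", 88: "kerberos", 5060: "sip"}

def tcp_udp_gaps(rules, dual_ports=DUAL_PORTS):
    """Return (port, service, action, missing_protocol) for one-sided rules."""
    seen = {(r.port, r.action, r.dest_kind, r.dest, r.protocol) for r in rules}
    gaps = set()
    for port, action, kind, dest, proto in seen:
        other = "udp" if proto == "tcp" else "tcp"
        if port in dual_ports and (port, action, kind, dest, other) not in seen:
            gaps.add((port, dual_ports[port], action, other))
    return sorted(gaps)

# Constructed sample role: DNS is denied over UDP only, Kerberos is paired.
SAMPLE_ROLE = [
    Rule("udp", 53, "deny", "except-server", "10.0.0.53"),
    Rule("tcp", 88, "allow", "network", "10.0.0.0/24"),
    Rule("udp", 88, "allow", "network", "10.0.0.0/24"),
    Rule("tcp", 443, "allow", "all"),
]

if __name__ == "__main__":
    for port, svc, action, missing in tcp_udp_gaps(SAMPLE_ROLE):
        print(f"{svc}/{port}: '{action}' rule has no {missing} counterpart")
```

In the sample role, the deny rule that steers DNS to 10.0.0.53 exists for UDP only, so the same restriction is not applied to DNS over TCP until a second rule is added.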










