184 | Roles and Policies Aruba Instant 6.4.0.2-4.1 | User Guide
Managing Inbound Traffic
Instant now supports an enhanced inbound firewall by allowing the configuration of firewall rules and management
subnets, and restricting corporate access through an uplink switch.
To allow flexibility in firewall configuration, Instant supports the following features:
• Inbound firewall rules
• Configurable management subnets
• Restricted corporate access
Configuring Inbound Firewall Rules
You can now configure firewall rules for the inbound traffic coming through the uplink ports of an IAP. The rules
defined for the inbound traffic are applied if the destination is not a user connected to the IAP. If the destination
already has a user role assigned, the user role overrides the actions or options specified in inbound firewall
configuration. However, if a deny rule is defined for the inbound traffic, it is applied irrespective of the destination and
user role. Unlike the ACL rules in a WLAN SSID or wired profile, the inbound firewall rules can be configured based
on the source subnet.
For all subnets, a deny rule is created by default as the last rule. If at least one rule is configured, the deny all rule is
applied to the upstream traffic by default.
Management access to the AP is allowed irrespective of the inbound firewall rule. For more information on
configuring restricted management access, see Configuring Management Subnets on page 186.
The inbound firewall is not applied to traffic coming through a GRE tunnel.
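The precedence described above can be checked against a small model. The following Python sketch is an added example, not Aruba code or CLI syntax; the Rule and Packet types, the evaluate function, the sample addresses, and the first-match ordering are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str     # source subnet in CIDR form
    dst: str     # destination subnet in CIDR form
    action: str  # "permit" or "deny"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    via_gre: bool = False                # arrived through a GRE tunnel
    to_ap_mgmt: bool = False             # management access to the AP itself
    dst_user_role: Optional[str] = None  # set when the destination is a connected user

def evaluate(rules, pkt):
    """Return (verdict, reason) for one inbound packet on the uplink."""
    if pkt.via_gre:
        return "not-filtered", "inbound firewall is not applied to GRE tunnel traffic"
    if pkt.to_ap_mgmt:
        return "permit", "management access is allowed irrespective of inbound rules"
    # Assumption: rules are checked top-down and the first match wins.
    hit = next((r for r in rules
                if ip_address(pkt.src) in ip_network(r.src)
                and ip_address(pkt.dst) in ip_network(r.dst)), None)
    if hit and hit.action == "deny":
        return "deny", "configured deny rule applies regardless of destination role"
    if pkt.dst_user_role:
        # Assumption: only configured deny rules pre-empt the role, not the default deny.
        return "user-role", f"role '{pkt.dst_user_role}' overrides the inbound rule"
    if hit:
        return hit.action, f"matched {hit.src} -> {hit.dst}"
    if rules:
        return "deny", "default deny-all appended once any rule is configured"
    return "permit", "no inbound rules configured, so no default deny"

# Constructed sample rule set and addresses, for illustration only.
RULES = [
    Rule("10.20.0.0/16", "0.0.0.0/0", "deny"),
    Rule("10.10.0.0/16", "192.168.50.0/24", "permit"),
]

if __name__ == "__main__":
    for p in (Packet("10.10.1.5", "192.168.50.10"),
              Packet("10.20.3.3", "192.168.50.20", dst_user_role="employee"),
              Packet("172.16.0.9", "192.168.50.10")):
        print(p.src, "->", p.dst, evaluate(RULES, p))
```

The third sample shows the effect an administrator most often overlooks: adding a single permit rule silently turns every unmatched source subnet into a deny.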
You can configure inbound firewall rules through the Instant UI or CLI.
In the Instant UI
1. Navigate to the Security > Inbound Firewall tab. The Inbound Firewall tab contents are displayed.
2. Under Inbound Firewall Rules, click New. The New Rule window is displayed.
Figure 54 Inbound Firewall Rules - New Rule Window
3. Configure the following parameters:










