Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3400

431

432

433

434

435

436

437

438

439

440

Field Description

IP version Specifies whether the policy applies to IPv4 or IPv6 traffic.

Source

(required)

Source of the traffic, which can be one of the following:

l any: Acts as a wildcard and applies to any source address.

l user: This refers to traffic from the wireless client.

l host: This refers to traffic from a specific host. When this option is chosen, you

must configure the IP address of the host.

l network: This refers to a traffic that has a source IP from a subnet of IP addresses.

When this option is chosen, you must configure the IP address and network mask

of the subnet.

l alias: This refers to using an alias for a host or network. You configure the alias by

navigating to the Configuration > Advanced Services > Stateful Firewall >

Destination page.

Destination

(required)

Destination of the traffic, which can be configured in the same manner as Source.

Service

(required)

Type of traffic, which can be one of the following:

l any: This option specifies that this rule applies to any type of traffic.

l application: For session and route policies on a W-7000 Series controller, you can

create a rule that applies to a specific application type. Click the Application

drop-down list and select an application type.

l application category: For session and route policies on a W-7000 Series controller,

you can create a rule that applies to a specific application category. Click the

Application Category drop-down list and select a category type.

l web category/ Reputation: For session policies on a W-7000 Series controller,

you can create a rule that applies to a specific web category or application type.

For more information on web category classification, see AppRF on page 828

l tcp: Using this option, you configure a range of TCP port(s) to match for the rule to

be applied.

l udp: Using this option, you configure a range of UDP port(s) to match for the rule

to be applied.

l service: Using this option, you use one of the pre-defined services (common

protocols such as HTTPS, HTTP, and others) as the protocol to match for the rule

to be applied. You can also specify a network service that you configure by

navigating to the Configuration > Advanced Services > Stateful Firewall >

Network Services page.

l protocol: Using this option, you specify a different layer 4 protocol (other than

TCP/UDP) by configuring the IP protocol value.

Action

(required)

The action that you want the controller to perform on a packet that matches the

specified criteria. This can be one of the following:

l permit: Permits traffic matching this rule.

l drop: Drops packets matching this rule without any notification.

Table 82: Firewall Policy Rule Parameters

Dell Networking W-Series ArubaOS 6.4.x | User Guide Roles and Policies | 440