Concept Guide
the W-IAP. If the destination already has a user role assigned, the user role overrides the actions or options
specified in inbound firewall configuration. However, if a deny rule is defined for the inbound traffic, it is
applied irrespective of the destination and user role. Unlike the ACL rules in a WLAN SSID or wired profile, the
inbound firewall rules can be configured based on the source subnet.
For all subnets, a deny rule is created by default as the last rule. If at least one rule is configured, the deny all
rule is applied to the upstream traffic by default.
Management access to the AP is allowed irrespective of the inbound firewall rule. For more information on
configuring restricted management access, see restricted-mgmt-access.
The inbound firewall is not applied to traffic coming through GRE tunnel.
Example
The following example configures inbound firewall rules:
(Instant AP)(config)# inbound-firewall
(Instant AP)(inbound-firewall)# rule 192.0.2.1 255.255.255.255 any any match 6 631 631 permit
(Instant AP)(inbound-firewall)# end
(Instant AP)# commit apply
Command History
Version Description
Dell Networking W-Series Instant 6.4.0.2-
4.1
This command is introduced.
Command Information
W-IAP Platform Command Mode
All platforms
Configuration mode and inbound firewall configuration sub-
mode.
Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | CLI Reference Guide inbound-firewall | 157