IP Classification-based Firewall

ArubaOS supports an IP classification-based firewall. IP classification helps identify the IP address and geolocation from which malicious activities originate.

With IP classification, any inbound attack from malicious endpoints may be stopped at the managed device itself, thereby protecting the client devices behind the managed device. IP classification uses the IP reputation and IP geolocation databases. These databases are periodically updated and synchronized with partnering servers from Webroot or BrightCloud.

The IP reputation database contains all the currently known IP addresses associated with various malicious activities. It lists the IP addresses and the corresponding threats originating from them, such as botnet, DoS, spam sources, and so on. If an IP address is classified as malicious, traffic sent to or received from that address may be denied based on the configured policy.

The IP geolocation database determines the geographical location of the IP address from which traffic is received or to which traffic is sent. Once the geographic location of an IP address is determined, traffic may be permitted or denied after it is checked against the configured geography-based rules policy.

The IP geolocation database provides geolocation granularity down to the level of a country and city. It provides visualizations that may be used to show the top countries originating malware or spyware traffic, or the top countries from which the most DDoS attacks are received. This information may be used to formulate geolocation firewall policies to protect internal network resources and keep the network healthy.

The benefits of this IP classification-based firewall include:

The existing firewall policy enforcement in ArubaOS relies on L3 or L4 to L7 information with DPI or WebCC support. IP classification extends the firewall by allowing a user to define new IP classification-based firewall policies.

To enable the IP classification-based firewall using the CLI:

(host) [mynode] (config) #firewall

(host) [mynode] (config-submode)#ip-classification

To configure an IP classification-based policy using the CLI:

(host) [mynode] (config) #ip access-list geolocation global-geolocation-acl [permit|deny] [to|from] location

where location is one of:

  • anonymous_proxy - Match packets from or to anonymous proxy
  • any - Match any location
  • country - Match packets from or to a country
  • region - Match packets from or to a region

To configure an IP reputation rule using the CLI:

(host) [mynode] (config) #ip-reputation deny [inbound|outbound]
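The following is an added Python model of how the two checks above combine, not ArubaOS code or documented behaviour: the reputation and geolocation tables are constructed TEST-NET samples standing in for the Webroot/BrightCloud feeds, and the evaluation order (reputation lookup first, then the first matching geolocation rule, then an implicit permit) is an assumption made so that the to/from and inbound/outbound semantics can be exercised.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the IP reputation and IP geolocation databases
# (TEST-NET prefixes, made-up threat categories and country codes).
REPUTATION_DB = {ip_network("203.0.113.0/24"): "botnet",
                 ip_network("198.51.100.7/32"): "spam"}
GEO_DB = {  # prefix -> (country, region, is_anonymous_proxy)
    ip_network("192.0.2.0/24"): ("ZZ", "Region-A", False),
    ip_network("198.51.100.0/24"): ("YY", "Region-B", False),
    ip_network("203.0.113.0/24"): ("XX", "Region-C", True),
}

@dataclass
class GeoRule:          # one "ip access-list geolocation ... <action> <to|from> <location>" entry
    action: str         # permit | deny
    direction: str      # to | from
    location: str       # anonymous_proxy | any | <country> | <region>

def lookup(db, ip):
    """Return the value for the first prefix containing ip, or None if unknown."""
    addr = ip_address(ip)
    return next((v for net, v in db.items() if addr in net), None)

def geo_matches(rule, peer_ip):
    if rule.location == "any":
        return True
    geo = lookup(GEO_DB, peer_ip)
    if geo is None:             # an unlocatable address never matches a specific rule
        return False
    country, region, anon = geo
    if rule.location == "anonymous_proxy":
        return anon
    return rule.location in (country, region)

def evaluate(inbound, peer_ip, rules, reputation_deny=("inbound", "outbound")):
    """Return (verdict, reason) for a session with an external peer address.
    inbound=True: the peer is the source, so "from" rules apply;
    inbound=False: the peer is the destination, so "to" rules apply.
    Assumed order (not documented behaviour): reputation first, then the
    first matching geolocation rule, then an implicit permit."""
    direction = "inbound" if inbound else "outbound"
    threat = lookup(REPUTATION_DB, peer_ip)
    if threat and direction in reputation_deny:   # "ip-reputation deny inbound|outbound"
        return "deny", f"ip-reputation deny {direction}: {threat}"
    want = "from" if inbound else "to"
    for rule in rules:
        if rule.direction == want and geo_matches(rule, peer_ip):
            return rule.action, f"geolocation {rule.action} {rule.direction} {rule.location}"
    return "permit", "no geolocation rule matched"

POLICY = [GeoRule("deny", "from", "anonymous_proxy"), GeoRule("deny", "to", "YY"), GeoRule("permit", "from", "any")]
```

Running `evaluate(True, "203.0.113.5", POLICY)` shows the reputation deny taking precedence, while the same address with `reputation_deny=("outbound",)` falls through to the anonymous_proxy geolocation rule instead.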

To view the IP reputation table using the CLI:

(host) [mynode] #show datapath ip-reputation

To view the IP reputation counters using the CLI:

(host) [mynode] #show datapath ip-reputation counters

To view the IP reputation real-time cache using the CLI:

(host) [mynode] #show datapath ip-reputation rtc

To view the IP geolocation table using the CLI:

(host) [mynode] #show datapath ip-geolocation

To view the IP geolocation counters using the CLI:

(host) [mynode] #show datapath ip-geolocation counters

To view the IP classification table using the CLI:

(host) [mynode] #show datapath session ip-classification

To view the IP classification-based policy using the CLI:

(host) [mynode] #show ip access-list global-geolocation-acl