Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Selective Inspection
Are client roles that are orchestrated through Campus Overlay SSID supported?
Yes, client roles orchestrated through Campus Overlay SSID (Service Set Identifier) creation are supported. Support is based on the client role derived on the gateway.
Can I associate a policy to any T3 Bucket?
Starting with HPE Aruba Networking Central version 2.5.7, a policy can be associated with only one bucket; the other bucket has no policy. The Safe T3 bucket is a bypass inspection bucket and does not have any policy associated with it.
Can I edit the T3 Bucket name?
Yes, you can change the T3 Bucket name.
Does Selective Inspection support the downloadable user roles?
No, Selective Inspection does not support downloadable user roles (DUR). It is not supported in AOS-10.x. However, it can be interpreted as Selective Inspection or DUR.
How is bypass different in Selective Inspection and Bypass Inspection for Large Dataflows?
Bypass Inspection for Large Dataflows is used only to bypass inspection for large SMB (Server Message Block) data transfers, in order to improve overall system performance without affecting latency. For more information, see Manage Rules in IDPS Policies.
In Selective Inspection, by contrast, the administrator chooses whether to bypass or inspect the traffic. Threat vectors are used to specify which client roles or network aliases require inspection or require bypassing. For more information, see Manage Selective Inspection.
How are Selective Inspection buckets different from role-based ACLs?
In a role-based ACL (Access Control List), only one role is selected for each ACL. In Selective Inspection, you can group the required client roles under a bucket and apply the inspection policy to multiple roles without having to define a separate ACL for each.
Is it possible to selectively bypass or inspect specific trusted traffic?
Yes, starting with HPE Aruba Networking Central version 2.5.8, it is possible to bypass or inspect trusted traffic. For trusted traffic to go through inspection, define a network alias for it and assign that alias to the appropriate T3 bucket.
Is there any limitation to the number of client roles that can be added to a T3 bucket?
No, there is no limit. Any number of client roles that are defined in the gateway page can be used.
Traffic has a source role and a destination role. Which one is considered for Selective Inspection?
Only the source role and source network (IP) are considered for Selective Inspection.
What is considered as trusted traffic?
Anything connected to a trusted port is not authenticated and does not get a role. Therefore, a policy cannot be assigned to it. In Selective Inspection, Trusted Traffic is provided as a separate category and is available for assigning a role or policy. It cannot be deleted, and the administrator must explicitly assign Trusted Traffic to one of the buckets.
What is the benefit of Selective Inspection?
An implicit benefit of Selective Inspection is increased overall throughput of the gateway, because only a part of the traffic is inspected. Selective Inspection also gives the network administrator the flexibility to choose what to inspect, which helps in troubleshooting large-scale impacts, enabling a PoC without impacting others, evaluating performance impacts, monitoring a particular role or network, and so on.
What type of network alias does Selective Inspection support?
Selective Inspection supports only a single IP address or a single host name as a network alias.
If a network alias configuration is edited, is it automatically updated on Selective Inspection?
Yes, if the IP address is changed for the network alias, then it is automatically updated at the end of the network session. Selective Inspection refers to the network alias object and treats the host address as the value of that object.
How is the Selective Inspection policy evaluated?
Policy is evaluated in a sequence based on the default settings and administrator assignments. For more information, see Understanding Policy Evaluation.
