Configure Roles and Policies on APs for User Access Control

APs support identity-based access control to enforce application-layer security, prioritization, traffic forwarding, and network performance policies for wired and wireless networks. Using AP firewall policies, you can define who may access the network, which areas of the network a user may reach, and the performance thresholds of various applications.

APs support a role-based stateful firewall: it recognizes flows in the network and keeps track of session state, so return traffic of a permitted session is handled as part of that session rather than as a new, unsolicited flow. Firewall logs on the APs are generated as syslog messages. The firewall also provides ALG (Application Layer Gateway) functions, which manage application-layer protocols such as SIP (Session Initiation Protocol, used for signaling and controlling multimedia sessions such as voice and video calls), Vocera, Alcatel NOE (New Office Environment, a proprietary VoIP protocol from Alcatel-Lucent Enterprise), and Cisco Skinny.

ACL Rules

You can use ACL (Access Control List) rules to permit or deny data packets passing through the AP, and to limit the packets or bandwidth available to a set of user roles. By adding custom rules, you can block or allow access based on the service or application, or on the source or destination IP address.

You can create access rules to allow or block data packets that match the criteria defined in the rule, for either inbound traffic or outbound traffic. Inbound rules explicitly allow or block inbound network traffic that matches the rule's criteria; outbound rules do the same for outbound traffic. For example, you can configure a rule that explicitly blocks outbound traffic to a given IP address through the firewall. Rules are evaluated in order, so a deny rule placed before a broader permit rule takes precedence for the traffic it matches.

AP clients are associated with user roles, which determine the client's network privileges and how frequently the client must re-authenticate with the AP. APs support the following types of ACLs:

  • ACLs that permit or deny traffic based on the source IP address of the packet.
  • ACLs that permit or deny traffic based on source or destination IP address, or source or destination port number.

You can configure up to 64 ACLs for a firewall policy.

Important Points to Note

  • The maximum number of IPv4 addresses that are allowed in IP address range is 16.
  • A netdestination definition can have a maximum of 256 netdestination entries.
  • A maximum of 1024 netdestination entries are allowed on the AP.
  • A maximum of 127 name-based ACL entries are allowed on the AP.
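To make the behaviour described above concrete (ordered permit/deny rules per role, inbound versus outbound direction, stateful acceptance of reply traffic, and the 64-rule and 16-address limits), here is a small model of a role-based stateful ACL evaluator. It is an added example written for this page, not Aruba code and not a description of the AP's internal data structures. The rule names, the `guest` role, the sample addresses and the "implicit deny when no rule matches" default are assumptions made for the illustration.

```python
"""Added example: a toy role-based, stateful ACL evaluator (not AP firmware code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Limits stated on the page.
MAX_RULES_PER_POLICY = 64
MAX_RANGE_ADDRS = 16


def address_range(first: str, last: str) -> list:
    """Expand an IPv4 address range, refusing ranges over the 16-address limit."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if hi < lo:
        raise ValueError("range end precedes range start")
    count = int(hi) - int(lo) + 1
    if count > MAX_RANGE_ADDRS:
        raise ValueError(f"range has {count} addresses, limit is {MAX_RANGE_ADDRS}")
    return [str(ipaddress.IPv4Address(int(lo) + i)) for i in range(count)]


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = from the client, "in" = toward the client
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    direction: str               # "in" or "out"
    src: Optional[str] = None    # CIDR; None matches any source
    dst: Optional[str] = None    # CIDR; None matches any destination
    dport: Optional[int] = None  # None matches any destination port
    proto: Optional[str] = None  # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        for want, have in ((self.src, pkt.src), (self.dst, pkt.dst)):
            if want is not None and ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        return True


class RolePolicy:
    """Ordered, first-match rule list bound to a user role, with session tracking."""

    def __init__(self, role: str, rules):
        if len(rules) > MAX_RULES_PER_POLICY:
            raise ValueError(f"{len(rules)} rules exceeds the limit of {MAX_RULES_PER_POLICY}")
        self.role = role
        self.rules = list(rules)
        self.sessions = set()  # 5-tuples of flows a permit rule has already admitted

    def evaluate(self, pkt: Packet) -> str:
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful behaviour: the reply leg of an admitted flow is accepted
        # without walking the rule list again.
        if reverse in self.sessions:
            return "permit-established"
        for rule in self.rules:          # first match wins, so order matters
            if rule.matches(pkt):
                if rule.action == "permit":
                    self.sessions.add(flow)
                return rule.action
        return "deny"  # ASSUMPTION for this model: implicit deny when nothing matches


# Constructed sample policy for a hypothetical "guest" role.
GUEST = RolePolicy("guest", [
    Rule("deny", "out", dst="10.0.0.0/8"),         # block internal networks first
    Rule("permit", "out", proto="udp", dport=53),  # DNS
    Rule("permit", "out", proto="tcp", dport=443), # HTTPS
    Rule("permit", "out", proto="tcp", dport=80),  # HTTP
])


def demo() -> dict:
    """Run constructed packets through the guest policy and collect the verdicts."""
    client, web, attacker = "192.168.10.5", "203.0.113.7", "198.51.100.9"
    results = {}
    results["https_out"] = GUEST.evaluate(Packet("out", "tcp", client, 51000, web, 443))
    results["https_reply"] = GUEST.evaluate(Packet("in", "tcp", web, 443, client, 51000))
    results["internal"] = GUEST.evaluate(Packet("out", "tcp", client, 51001, "10.1.1.20", 443))
    results["ssh"] = GUEST.evaluate(Packet("out", "tcp", client, 51002, web, 22))
    results["unsolicited_in"] = GUEST.evaluate(Packet("in", "tcp", attacker, 4444, client, 443))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} -> {verdict}")
```

The two points worth noticing are the rule order (the deny for 10.0.0.0/8 sits above the HTTPS permit, so HTTPS to an internal host is still blocked) and the session check, which is what lets the server's reply on port 443 in without any inbound permit rule while an unrelated inbound packet to the same port is dropped.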