Table 80: Firewall Policy Rule Parameters

Field

Description

Source (required)

Source of the traffic, which can be one of the following:

 

any: Acts as a wildcard and applies to any source address.

 

user: This refers to traffic from the wireless client.

 

host: This refers to traffic from a specific host. When this option is chosen, you must configure

 

the IP address of the host.

 

network: This refers to a traffic that has a source IP from a subnet of IP addresses. When this

 

option is chosen, you must configure the IP address and network mask of the subnet.

 

alias: This refers to using an alias for a host or network. You configure the alias by navigating to

 

the Configuration > Advanced Services > Stateful Firewall > Destination page.

 

 

Destination

Destination of the traffic, which can be configured in the same manner as Source.

(required)

 

 

 

Service

Type of traffic, which can be one of the following:

(required)

any: This option specifies that this rule applies to any type of traffic.

 

tcp: Using this option, you configure a range of TCP port(s) to match for the rule to be applied.

 

udp: Using this option, you configure a range of UDP port(s) to match for the rule to be applied.

 

service: Using this option, you use one of the pre-defined services (common protocols such as

 

HTTPS, HTTP, and others) as the protocol to match for the rule to be applied. You can also

 

specify a network service that you configure by navigating to the Configuration > Advanced

 

Services > Stateful Firewall > Network Services page.

 

protocol: Using this option, you specify a different layer 4 protocol (other than TCP/UDP) by

 

configuring the IP protocol value.

 

 

Action (required)

The action that you want the controller to perform on a packet that matches the specified criteria.

 

This can be one of the following:

 

permit: Permits traffic matching this rule.

 

drop: Drops packets matching this rule without any notification.

 

reject: Drops the packet and sends an ICMP notification to the traffic source.

 

src-nat: Performs network address translation (NAT) on packets matching the rule. When this

 

option is selected, you need to select a NAT pool. (If this pool is not configured, you configure a

 

NAT pool by navigating to the Configuration > Advanced > Security > Advanced > NAT Pools).

 

Source IP changes to the outgoing interface IP address (implied NAT pool) or from the pool

 

configured (manual NAT pool). This action functions in tunnel/decrypt-tunnel forwarding mode.

 

dst-nat: This option redirects traffic to the configured IP address and destination port. An

 

example of this option is to redirect all HTTP packets to the captive portal port on the Dell

 

controller as used in the pre-defined policy called “captiveportal”. This action functions in

 

tunnel/decrypt-tunnel forwarding mode. User should configure the NAT pool in the controller.

 

dual-nat: This option performs both source and destination NAT on packets matching the rule.

 

Forward packets from source network to destination; re-mark them with destination IP of the

 

target network. This action functions in tunnel/decrypt-tunnel forwarding mode. User should

 

configure the NAT pool in the controller.

 

redirect to tunnel: This option redirects traffic into a GRE tunnel. This option is used primarily to

 

redirect all guest traffic into a GRE tunnel to a DMZ router/switch.

 

redirect to ESI group: This option redirects traffic to the specified ESI server group. You also

 

specify the direction of traffic to be redirected: forward, reverse, or both directions.

 

route: Specify the next hop to which packets are routed, which can be one of the following:

dst-nat: Destination IP changes to the IP configured from the NAT pool. This action func- tions in bridge/split-tunnel forwarding mode. User should configure the NAT pool in the con- troller.

src-nat:Source IP changes to RAP’s external IP. This action functions in bridge/split-tunnel forwarding mode and uses implied NAT pool.

Log (optional)

Logs a match to this rule. This is recommended when a rule indicates a security breach, such as a

 

data packet on a policy that is meant only to be used for voice calls.

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Roles and Policies 298

Page 298
Image 298
Dell 6.2 manual IP address of the host, This can be one of the following, Configure the NAT pool in the controller

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.