Field Description
Source (required)
Source of the traffic, which can be one of the following:
- any: Acts as a wildcard and applies to any source address.
- user: This refers to traffic from the wireless client.
- host: This refers to traffic from a specific host. When this option is chosen, you must configure the IP address of the host.
- network: This refers to traffic that has a source IP from a subnet of IP addresses. When this option is chosen, you must configure the IP address and network mask of the subnet.
- alias: This refers to using an alias for a host or network. You configure the alias by navigating to the Configuration > Advanced Services > Stateful Firewall > Destination page.
Destination (required)
Destination of the traffic, which can be configured in the same manner as Source.
Service (required)
Type of traffic, which can be one of the following:
- any: This option specifies that this rule applies to any type of traffic.
- tcp: Using this option, you configure a range of TCP port(s) to match for the rule to be applied.
- udp: Using this option, you configure a range of UDP port(s) to match for the rule to be applied.
- service: Using this option, you use one of the pre-defined services (common protocols such as HTTPS, HTTP, and others) as the protocol to match for the rule to be applied. You can also specify a network service that you configure by navigating to the Configuration > Advanced Services > Stateful Firewall > Network Services page.
- protocol: Using this option, you specify a different layer 4 protocol (other than TCP/UDP) by configuring the IP protocol value.
Action (required)
The action that you want the controller to perform on a packet that matches the specified criteria. This can be one of the following:
- permit: Permits traffic matching this rule.
- drop: Drops packets matching this rule without any notification.
- reject: Drops the packet and sends an ICMP notification to the traffic source.
- src-nat: Performs network address translation (NAT) on packets matching the rule. When this option is selected, you need to select a NAT pool. (If this pool is not configured, you configure a NAT pool by navigating to the Configuration > Advanced > Security > Advanced > NAT Pools). Source IP changes to the outgoing interface IP address (implied NAT pool) or from the pool configured (manual NAT pool). This action functions in tunnel/decrypt-tunnel forwarding mode.
- dst-nat: This option redirects traffic to the configured IP address and destination port. An example of this option is to redirect all HTTP packets to the captive portal port on the Dell controller as used in the pre-defined policy called “captiveportal”. This action functions in tunnel/decrypt-tunnel forwarding mode. User should configure the NAT pool in the controller.
- dual-nat: This option performs both source and destination NAT on packets matching the rule. Forward packets from source network to destination; re-mark them with destination IP of the target network. This action functions in tunnel/decrypt-tunnel forwarding mode. User should configure the NAT pool in the controller.
- redirect to tunnel: This option redirects traffic into a GRE tunnel. This option is used primarily to redirect all guest traffic into a GRE tunnel to a DMZ router/switch.
- redirect to ESI group: This option redirects traffic to the specified ESI server group. You also specify the direction of traffic to be redirected: forward, reverse, or both directions.
- route: Specify the next hop to which packets are routed, which can be one of the following:
    - dst-nat: Destination IP changes to the IP configured from the NAT pool. This action functions in bridge/split-tunnel forwarding mode. User should configure the NAT pool in the controller.
    - src-nat: Source IP changes to RAP’s external IP. This action functions in bridge/split-tunnel forwarding mode and uses implied NAT pool.
Log (optional)
Logs a match to this rule. This is recommended when a rule indicates a security breach, such as a data packet on a policy that is meant only to be used for voice calls.
Table 80: Firewall Policy Rule Parameters
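
The matching fields and the Log option in the table above, as an added example (not taken from the user guide or the controller software): a small Python model of a voice-only policy whose last rule drops and logs any data packet. It assumes rules are checked in order and the first match wins, and it covers only the any, host and network address types, the any, tcp, udp and protocol services, and non-NAT actions; Rule, evaluate and the sample policy values are hypothetical and constructed.

```python
import ipaddress
from dataclasses import dataclass

PROTO = {"tcp": 6, "udp": 17}  # IP protocol numbers

@dataclass
class Rule:
    source: tuple        # ("any",) | ("host", ip) | ("network", ip, mask)
    destination: tuple   # same forms as source
    service: tuple       # ("any",) | ("tcp"|"udp", lo, hi) | ("protocol", n)
    action: str          # "permit", "drop" or "reject"
    log: bool = False

def addr_matches(spec, ip):
    if spec[0] == "any":
        return True
    if spec[0] == "host":
        return ipaddress.ip_address(ip) == ipaddress.ip_address(spec[1])
    if spec[0] == "network":
        net = ipaddress.ip_network(f"{spec[1]}/{spec[2]}", strict=False)
        return ipaddress.ip_address(ip) in net
    raise ValueError(f"unsupported address type: {spec[0]}")

def service_matches(spec, proto, dport):
    if spec[0] == "any":
        return True
    if spec[0] in PROTO:
        return proto == PROTO[spec[0]] and spec[1] <= dport <= spec[2]
    if spec[0] == "protocol":
        return proto == spec[1]
    raise ValueError(f"unsupported service type: {spec[0]}")

def evaluate(policy, src, dst, proto, dport, log_sink):
    """Return the action of the first matching rule, or None if none match."""
    for number, rule in enumerate(policy, start=1):
        if (addr_matches(rule.source, src)
                and addr_matches(rule.destination, dst)
                and service_matches(rule.service, proto, dport)):
            if rule.log:
                log_sink.append((number, rule.action, src, dst, proto, dport))
            return rule.action
    return None

# Constructed voice-only policy: addresses and port ranges are sample values.
VOICE_NET = ("network", "10.1.20.0", "255.255.255.0")
VOICE_POLICY = [
    Rule(VOICE_NET, ("host", "10.1.1.10"), ("udp", 5060, 5060), "permit"),
    Rule(VOICE_NET, ("any",), ("udp", 16384, 32767), "permit"),
    Rule(("any",), ("any",), ("any",), "drop", log=True),
]
```

Only the final catch-all rule sets log, so the log sink receives an entry exactly when non-voice traffic appears on the voice policy.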

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Roles and Policies | 298