Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later), document 53-1003099-01
Firewall Deployment Considerations; Configuring IP Firewall Rules
6. Select + Add Row as needed to add additional MAC firewall rule configurations. Select the - Delete Row icon as required to remove selected MAC firewall rules.
7. Select OK when completed to update the MAC firewall rules. Select Reset to revert the screen back to its last saved configuration.
Firewall Deployment Considerations
Before defining a firewall configuration, refer to the following deployment guidelines to ensure the configuration is optimally effective:
• Firewalls implement access control policies, so if you don't have an idea of what kind of access to allow or deny, a firewall is of little value.
• It's important to recognize the firewall's configuration is a mechanism for enforcing a network access policy.
• A role based firewall requires an advanced security license to apply inbound and outbound firewall policies to users and devices.
• Firewalls cannot protect against tunneling over application protocols to poorly secured wireless clients.
• Firewalls should be deployed on WLANs implementing weak encryption to minimize access to trusted networks and hosts in the event the WLAN is compromised.
• Firewalls should be enabled when providing managed Hotspot guest access. Firewall policies should be applied to Hotspot enabled WLANs to prevent guest user traffic from being routed to trusted networks and hosts.
Configuring IP Firewall Rules
Action
The following actions are supported:
• Log: Events are logged for archive and analysis.
• Mark: Modifies certain fields inside the packet and then permits it. Mark is therefore an action with an implicit permit. The fields that can be marked are:
  - VLAN 802.1p priority.
  - DSCP bits in the IP header.
  - TOS bits in the IP header.
• Mark, Log: Conducts both the mark and log functions.
Ethertype
Use the drop-down menu to specify an Ethertype of either ipv6, arp, wisp, or monitor 8021q. An EtherType is a two-octet field within an Ethernet frame. It is used to indicate which protocol is encapsulated in the payload of the Ethernet frame.
Precedence
Use the spinner control to specify a precedence for this MAC firewall rule between 1 - 1500. Rules with a lower precedence value are always applied to packets first.
Description
Provide a description (up to 64 characters) for the rule to help differentiate it from others with similar configurations.
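The field semantics above (two-octet EtherType, precedence 1 - 1500 with lower values applied first, and Mark carrying an implicit permit) as a toy rule evaluator. This is an added example, not Brocade code: the numeric values for ipv6 and arp are assumed standard EtherTypes (wisp and monitor 8021q are vendor-specific and not modelled), marking is shown only for the IPv6 DSCP bits, and treating a log-only rule as permit and an unmatched frame as deny are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
import struct

# Assumed numeric EtherTypes for two of the drop-down names on the page.
ETHERTYPE = {"ipv6": 0x86DD, "arp": 0x0806}
ACTIONS = {"log", "mark", "mark,log"}

@dataclass
class Rule:
    precedence: int              # 1-1500; lower values are evaluated first
    ethertype: str               # one of ETHERTYPE
    action: str                  # one of ACTIONS
    dscp: Optional[int] = None   # DSCP value written by a mark action (0-63)
    description: str = ""        # up to 64 characters

    def __post_init__(self):
        if not 1 <= self.precedence <= 1500:
            raise ValueError("precedence must be between 1 and 1500")
        if self.action not in ACTIONS or self.ethertype not in ETHERTYPE:
            raise ValueError("unknown action or ethertype")
        if len(self.description) > 64:
            raise ValueError("description is limited to 64 characters")

def frame_ethertype(frame: bytes) -> int:
    """EtherType is the two-octet field after the 6-byte dst and src MACs."""
    return struct.unpack("!H", frame[12:14])[0]

def set_ipv6_dscp(frame: bytes, dscp: int) -> bytes:
    """Rewrite the 6-bit DSCP inside the IPv6 traffic class (IPv6 header at offset 14)."""
    b = bytearray(frame)
    tc = ((b[14] & 0x0F) << 4) | (b[15] >> 4)
    tc = (dscp << 2) | (tc & 0x03)               # keep the two ECN bits
    b[14] = (b[14] & 0xF0) | (tc >> 4)
    b[15] = (b[15] & 0x0F) | ((tc & 0x0F) << 4)
    return bytes(b)

def evaluate(rules: List[Rule], frame: bytes) -> Tuple[str, bytes, bool]:
    """Apply the first rule, ordered by precedence, whose EtherType matches the frame.

    Returns (verdict, possibly-rewritten frame, logged). Mark implies permit as the
    page states; log-only => permit and no match => deny are assumptions of this toy.
    """
    etype = frame_ethertype(frame)
    for rule in sorted(rules, key=lambda r: r.precedence):
        if ETHERTYPE[rule.ethertype] != etype:
            continue
        if "mark" in rule.action and rule.dscp is not None and rule.ethertype == "ipv6":
            frame = set_ipv6_dscp(frame, rule.dscp)
        return "permit", frame, "log" in rule.action
    return "deny", frame, False
```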