Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003100-01

FIGURE 12 WLAN Security - IP Firewall Rules - IP Firewall Rules Add Criteria screen

NOTE

Only the selected IP ACL filter attributes display. To adjust a value's current setting, select that
IP ACL’s column to display a pop-up for that one value.

Define the following parameters for either inbound or outbound IP Firewall Rules:

Precedence

Specify or modify a precedence for this IP policy between 1-1500. Rules with a lower precedence
value are always applied to packets first. If a rule's precedence is changed to a higher integer, the
rule moves down the table to reflect its lower priority.

Action

Every IP Firewall rule is made up of matching criteria rules. The action defines what to do with the
packet if it matches the specified criteria. The following actions are supported:

Deny - Instructs the Firewall to prohibit a packet from proceeding to its destination.

Allow - Instructs the Firewall to allow a packet to proceed to its destination.

Source

Select the source IP address or network group configuration used as the basic matching criteria for
this IP ACL rule. Source options include:

Any – Indicates any host device in any network.

Network – Indicates all hosts in a particular network. Subnet mask information has to be
provided for filtering based on network.

Host – Indicates a single host with a specific IP address.

Alias – Indicates a collection of IP addresses or hostnames or IP address ranges which are
configured as a single unit. This is for ease of configuration of ACLs. When selected, all IP
addresses or hostnames or IP address ranges are used in this ACL.

Destination

Select the destination IP address or network group configuration used as the basic matching criteria
for this IP ACL rule. Destination options include:

Any – Indicates any host device in any network.

Network – Indicates all hosts in a particular network. Subnet mask information has to be
provided for filtering based on network.

Host – Indicates a single host with a specific IP address.

Alias – Indicates a collection of IP addresses or hostnames or IP address ranges which are
configured as a single unit. This is for ease of ACL configuration. When selected, all IP
addresses or hostnames or IP address ranges are used in this ACL.

Network Service Alias

The service alias is a set of configurations consisting of protocol and port mappings. Both source
and destination ports are configurable. Set an alphanumeric service alias (beginning with a $
character and containing one special character) and include the protocol as relevant. Selecting
either tcp or udp displays an additional set of specific TCP/UDP source and destination port
options.
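
Added example (not from the Brocade guide or the product's own code): a small model of the Precedence, Action, Source and Destination fields described above, showing how a broad rule at a lower precedence number hides a narrower rule below it, and a check that flags such shadowed rules. It assumes first-match evaluation in ascending precedence order; the alias name, addresses and rule set are constructed, hostnames inside aliases are not modelled, and protocol/port (service alias) matching is left out.

```python
import ipaddress

# Constructed alias; the "$" prefix mirrors the page's service-alias naming (assumption).
ALIASES = {"$guest-nets": ["192.168.10.0/24", "192.168.20.0/24"]}

def expand(spec):
    """Turn a Source/Destination value into a list of ip_network objects."""
    if spec == "any":                                # Any: any host in any network
        return [ipaddress.ip_network("0.0.0.0/0")]
    if spec.startswith("$"):                         # Alias: a group used as one unit
        return [ipaddress.ip_network(n) for n in ALIASES[spec]]
    return [ipaddress.ip_network(spec)]              # Network (with mask) or Host (/32)

def covers(outer, inner):
    """True if every network in `inner` lies inside some network in `outer`."""
    return all(any(i.subnet_of(o) for o in expand(outer)) for i in expand(inner))

def evaluate(rules, src, dst):
    """Assumed first-match: lowest precedence number is checked first."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r["precedence"]):
        src_hit = any(s in n for n in expand(r["source"]))
        dst_hit = any(d in n for n in expand(r["destination"]))
        if src_hit and dst_hit:
            return r["action"]
    return None  # no rule matched; the page does not state a default action

def shadowed(rules):
    """(later, earlier) precedence pairs where `later` can never take effect."""
    ordered = sorted(rules, key=lambda r: r["precedence"])
    hits = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (earlier["action"] != later["action"]
                    and covers(earlier["source"], later["source"])
                    and covers(earlier["destination"], later["destination"])):
                hits.append((later["precedence"], earlier["precedence"]))
                break
    return hits

# Constructed rule set: the broad allow at 10 hides the specific deny at 20.
RULES = [
    {"precedence": 10, "action": "allow", "source": "$guest-nets", "destination": "any"},
    {"precedence": 20, "action": "deny", "source": "192.168.10.0/24", "destination": "10.0.0.5/32"},
    {"precedence": 30, "action": "deny", "source": "any", "destination": "any"},
]
```

Giving the narrow deny a precedence number below 10 makes it take effect, and `shadowed` then reports nothing for the rule set.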