Setting an ip firewall policy – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


Brocade Mobility RFS Controller System Reference Guide


53-1003099-01


IP based firewalls function like Access Control Lists (ACLs) to filter or mark packets, as opposed to
filtering packets on layer 2 ports. IP firewalls implement uniquely defined access control policies,
so if you have not decided what kind of access to allow or deny, a firewall is of little value and
could provide a false sense of network security.

IP based firewall rules are specific to source and destination IP addresses and the unique rules
and precedence orders assigned. Both IP and non-IP traffic on the same Layer 2 interface can be
filtered by applying an IP ACL. A firewall-supported device processes firewall rules in order, from
first to last. When a rule matches the network traffic a controller or service platform is processing,
the firewall uses that rule's action to determine whether the traffic is allowed or denied.
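Because the first matching rule decides the action, a broad rule placed early can keep a narrower rule below it from ever being applied. The following Python sketch is an added example, not code from the Brocade guide or product; it evaluates a constructed policy in first-match order and reports rules that an earlier rule fully covers. The rule fields, the lower-precedence-first ordering and the implicit default deny are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    precedence: int   # assumption: lower value is evaluated first
    action: str       # "allow" or "deny"
    src: str          # source network, CIDR notation
    dst: str          # destination network, CIDR notation

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst)))

def evaluate(rules, src_ip, dst_ip, default="deny"):
    """First match wins. Returns (action, precedence of the deciding rule)."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule.precedence
    return default, None  # assumption: traffic matching no rule is denied

def shadowed(rules):
    """Pairs (earlier, later) where a single earlier rule fully covers a
    later one, so the later rule can never be the first match."""
    ordered = sorted(rules, key=lambda r: r.precedence)
    return [(a.precedence, b.precedence)
            for i, b in enumerate(ordered)
            for a in ordered[:i] if a.covers(b)]

# Constructed sample policy (not taken from any device configuration).
POLICY = [
    Rule(10, "allow", "10.1.0.0/16", "0.0.0.0/0"),
    Rule(20, "deny", "10.1.5.0/24", "192.168.50.0/24"),  # intended block
    Rule(30, "deny", "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    # The deny at precedence 20 never fires: rule 10 matches first.
    print(evaluate(POLICY, "10.1.5.9", "192.168.50.4"))
    print(shadowed(POLICY))
```

Running a check like `shadowed` over a policy before applying it to an interface catches ordering mistakes that the rule list alone does not make obvious.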

NOTE

Once defined, a set of IP Firewall rules must be applied to an interface to be a functional filtering
tool.

Setting an IP Firewall Policy

Before defining a firewall configuration, refer to the following deployment guidelines to ensure the
configuration is optimally effective:

1. Select Configuration > Security > IP Firewall Rules to display existing IP firewall rule policies.

FIGURE 7 IP Firewall Rules screen

2. Select + Add Row to create a new IP firewall rule. Select an existing policy and click Edit to modify the attributes of that policy configuration.

3. Select the added row to expand it into configurable parameters for defining the IP based firewall policy.
