Configuring ip firewall rules – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


Brocade Mobility Access Point System Reference Guide

53-1003100-01


20. Select OK to update the Firewall Policy Advanced Settings. Select Reset to revert to the last saved configuration. The firewall policy can be invoked at any point in the configuration process by selecting Activate Firewall Policy from the upper left-hand side of the access point user interface.

Configuring IP Firewall Rules


Access points use IP based firewalls like Access Control Lists (ACLs) to filter/mark packets based
on the IP address from which they arrive, as opposed to filtering packets on Layer 2 ports.

IP based firewall rules are specific to source and destination IP addresses and the unique rules
and precedence orders assigned. Both IP and non-IP traffic on the same Layer 2 interface can be
filtered by applying an IP ACL. Firewall rules are processed by a firewall supported device from first
to last. When a rule matches the network traffic an access point is processing, the firewall uses
that rule's action to determine whether traffic is allowed or denied.
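The first-to-last processing described above means a broad rule placed early can keep a narrower rule behind it from ever matching. The sketch below is an added example, not code from the Brocade guide or the access point software: it evaluates a constructed policy in precedence order and reports rules that an earlier rule fully covers. It assumes lower precedence numbers are evaluated first and matches on source and destination networks only; the `Rule` type, function names and addresses are hypothetical, and because the page does not say what happens when no rule matches, `evaluate` returns `None` in that case.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    precedence: int  # assumption: lower number is processed first
    action: str      # "allow" or "deny"
    src: str         # source network, CIDR notation
    dst: str         # destination network, CIDR notation


def ordered(rules):
    """Rules in the order the firewall would process them."""
    return sorted(rules, key=lambda r: r.precedence)


def evaluate(rules, src_ip, dst_ip) -> Optional[Rule]:
    """Return the first rule that matches the packet, or None if none does."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in ordered(rules):
        if s in ip_network(r.src) and d in ip_network(r.dst):
            return r
    return None


def shadowed(rules):
    """Return (earlier, later) pairs where `earlier` covers every packet
    `later` could match, so `later` is never reached."""
    pairs = []
    rs = ordered(rules)
    for i, later in enumerate(rs):
        for earlier in rs[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))):
                pairs.append((earlier, later))
                break
    return pairs


# Constructed sample policy (IPv4 only); addresses are illustrative.
POLICY = [
    Rule(10, "deny",  "10.1.20.0/24", "192.168.50.0/24"),
    Rule(20, "allow", "10.1.0.0/16",  "0.0.0.0/0"),
    Rule(30, "deny",  "10.1.30.5/32", "192.168.50.10/32"),  # covered by rule 20
]

if __name__ == "__main__":
    print(evaluate(POLICY, "10.1.30.5", "192.168.50.10"))
    for earlier, later in shadowed(POLICY):
        print(f"rule {later.precedence} is shadowed by rule {earlier.precedence}")
```

Running the shadow check before applying a policy to an interface catches the case shown here, where the intended deny at precedence 30 never takes effect because the allow at precedence 20 matches first.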

NOTE

Once defined, a set of IP firewall rules must be applied to an interface to be a functional filtering tool.

To add or edit an IP based Firewall Rule policy:

1. Select the Configuration tab from the Web user interface.

2. Select Security.

3. Select IP Firewall to display existing IP firewall policies.

Check unnecessary resends of TCP packets

Select the check box to enable the checking of unnecessary resends of TCP packets. The default setting is enabled.

Check Sequence Number in ICMP Unreachable error packets

Select the check box to enable sequence number checks in ICMP unreachable error packets when an established TCP flow is aborted. The default setting is enabled.

Check Acknowledgment Number in RST packets

Select the check box to enable the checking of the acknowledgment number in RST packets which abort a TCP flow in the SYN state. The default setting is enabled.

Check Sequence Number in RST packets

Select the check box to check the sequence number in RST packets which abort an established TCP flow. The default setting is enabled.
