Blocking any streaming internet radios through aerohive APs

  • 1
  • Question
  • Updated 2 years ago
Can someone share what FW rules needs to be applied in order to block all internet radios ?

Thank You, 
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes

Posted 2 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Sounds like a 'Can someone share with me how long a piece of string is?' type question.

Can you be more specific?

Nick
(Edited)
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes


looks like still can access pandora, 
(Edited)
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
My version is HiveOS 6.6r1a.2321. My understanding 6.5r3 is lower version so should I downgrade? 
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
6.5r3 is a newer version in the golden, long term stable branch. You should consider moving to this release.
(Edited)
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
ok thats what I did and worked for me with a little of bit of my own effort: rearranged the firewall policy: placed all denied on the top and permit on the button without any downgrades. Te help others here what i DID in order to create all from scratch:

First, you'll want to create a User Profile specific to this device and configure an IP Firewall Policy on it:
- Go to Configuration > User Profiles (in the nav bar on the left side) > New
- Enter the name, attribute number, and default VLAN
- Expand Firewalls, then under IP Firewall Policy, click the + sign next to the From-Access field
- Name the IP Firewall policy, click the + sign under the Firewall Policy for APs
- Source IP: [-any-], Destination IP: [-any-], Service: select the application you wish to block, Action: Deny, Save.
- Add one more rule underneath that one, [-any-], [-any-], [-any-], Permit, Save.
- Save the IP Firewall Policy, then select it in the From-Access dropdown box, set the Default Action dropdown box to Permit.
- Save the user profile

Now you'll set up the Client Classification:

- Go to Configuration > choose your network policy > click on the default user profile for the RADIUS SSID
- Expand Client Classification Policy under Optional Settings, check the enable box
- Click New, then click the + sign under the MAC Object box
- In the MAC Addresses/OUI window, choose the MAC Address radio button, then hit New
- Name the MAC Object, enter the MAC address of the device you wish to block the application on, then Save
- Under Reassigned User Profile, select the user profile that you created earlier
- Click Apply, then save the User Profile
- Back on the Network Policy page, click on the Add/Remove link under the User Profile and check the box that says "Enable user profile reassignment based on client classification rules"
- Save the network policy and push out a configuration to your devices.

Hopefully, somebody will find that helpful. This is what worked for me in order to block pandora radio. - MST 

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Ok, but 6.5r3 isn't a downgrade despite the version number being lower. Don't get hung up on the number.
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
Get it, I did not realized the lower number means older version. Definitely, I will fallow advice and schedule upgrade for a HM Virtual Appliance.

Thank You Nick for the ongoing help in the forum and advice. Have a wonderful weekend! -MST