central or local firewall policy

  • Updated 3 years ago
Looking into the BR100/200 routers documentation, how do I set up a local firewall policy? Does it have to be on every BR device, or centrally from the mgmt software?

Irek Romaniuk


Posted 3 years ago


Ruwan Indika

Hi Irek,

You can create a Network Firewall Policy and upload it to all the Branch Routers (BR).

http://www.aerohive.com/330000/docs/help/english/6.4r2/hm/full/help.htm#cshid=config/sec/netFwPol.ht... 

Irek Romaniuk

Thank you, Ruwan. Looks great. What about BR100/200 provisioning: how do I hook them up to HiveManager?

Ruwan Indika

Hi Irek,

To get the BR100/200 connected to the HiveManager, add the serial number of the BR to the HiveManager and connect the BR to the network. If it is an on-premises HiveManager, you will have to set the HM address in the BR.


Irek Romaniuk

And referring more closely to my previous question, is split tunneling possible? I'm looking for devices able to have IPsec tunnels with a central gateway but connecting to the Internet locally.

Ruwan Indika

The split tunnel option is there in L2 VPN.


Irek Romaniuk

Thanks a lot for the prompt answers. Last question: if HiveManager is in the data center (customer-managed appliance or VM), will it be possible for the BR to discover it?

Ruwan Indika

Yes, you need to set the IP address of the HiveManager in the BR, or provide it using DHCP options 225 and 226:

Option 225 (HM Name): hm1.yourdomain

Option 226 (HM IP): 2.1.1.10


Irek Romaniuk

Right, but what if I send the BR to a remote user who can only plug the BR into the Internet, and where I don't control DHCP? I would rather avoid the user setting the IP address, or me having to set it up in advance (assume the BR is ordered directly to the remote user).

Nick Lowe, Official Rep

It's the IP address or host/DNS name of the HiveManager instance that you're putting in, not the IP address of the BR.

Irek Romaniuk

Right, but to put the IP address or host/DNS name of the HiveManager instance in each BR... I have to access every BR.
I'm looking for an option for the BR to find an on-premises HiveManager after being delivered from the vendor (Aerohive itself) to a remote user (similar to how the BR finds HiveManager in the cloud, myhive.aerohive.com).

Nick Lowe, Official Rep

You cannot do that today, as there's no option to configure the redirector to point to your own server. That is something that Aerohive could add, but honestly you'd probably be better off just using Aerohive's hosted services...