Firewall Policy on Branch Router

  • 1
  • Question
  • Updated 3 years ago
  • Answered
  • (Edited)
We are using Branch Routers to extend corporate wireless and wired network to telecommuters.
am using AP230 in the office where firewall rules are applied to
different user profiles within the profile ( IP Firewall Policy section of the user profile). I would like to be able to use the same firewall policy that I am applying in the office to the user when he/she is at home, but it looks like firewall policies on the BR-200 don't work when applied in the user profile. Instead it looks like all rules have to be configured under Router Firewall section instead.  Is it possible to use firewall section of the user profile on the BRs? This would simplify things a lot and avoid making two changes for a single firewall change.
Photo of prekursor


  • 2 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Scott M.

Scott M., Sr. Support Engineer

  • 104 Posts
  • 8 Reply Likes
The BR firewall is located in the Network Policy

Figure 1: Location of the BR firewall setting in the Network Policy in HiveManager 6.4r1

I've tested the firewall on HiveOS 6.2r1 and HiveOS 6.4r1 and it worked in my lab experiments.  I've tested the firewall using Wildcards, Network Objects and IP Networks.

Figure 2,  below, shows my configuration.  Please notice that I currently have all the created rules "Disabled." To enable rules you just uncheck the "Disable" box and save and then save to the Network Policy and push the config to the BR.  All of the rules shown have been individually tested and worked in my lab.

Figure 2: Shows firewall rules that were tested and worked
Note: the rule are disabled in the screenshot, but were enabled during testing.
Photo of prekursor


  • 2 Posts
  • 0 Reply Likes
This is how i have it setup as well but I would like  to use the firewall option in the users profile instead just like i am using it on the AP230s
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Sorry, but the layer3 devices (and now the SR product line as well) operate only on layer3 info. We are aware that people like applying policies to user profiles, and we have plans to eventually bring the BR and SR products in line with the APs, but that's off in the indefinite future and should not be a consideration for your planning purposes.