How to set up unified firewall when you have both AP and switch in one network policy for 6.4r1

  • Question
  • Updated 3 years ago
Hi

I had a policy with both APs and a switch SR2024P. I am trying to set up a unified IP firewall for different user profiles. I found there are two ports in the firewall setup, Firewall Policy for APs and Firewall Policy for switches, and it looks like they overwrite each other. How do I set this up? Does anybody have an idea?

I just want to allow traffic for HTTP and HTTPS.

If I enable HTTP and HTTPS, DNS, DHCP, NTP for both and set the default policy to deny, then it does not allow any traffic.

If I set up the switch to allow all and on the AP enable HTTP and HTTPS, DNS, DHCP, NTP and set the default policy to deny, then it allows all traffic.

If I set up the switch to null and on the AP enable HTTP and HTTPS, DNS, DHCP, NTP and set the default policy to deny, then it does not allow any traffic.

Any ideas?

Thanks
Bin Yu


Posted 3 years ago

Joe Fraher, Official Rep

Hi, Bin Yu. The unified IP firewall configuration for APs and switches is explained in the HiveOS and HiveManager 6.4r1 New Features Guide. See pages 11-16. Two key points to keep in mind for switches: (1) Apply the firewall policy in user profiles assigned to access ports. (2) Make sure the Allow Multiple Hosts (Same VLAN) check box is cleared in the port type profile. - Joe
Bin Yu

Hi

1. I allocated the same user profile to the access port.
2. I did not use any authentication; it has been unticked.
3. I applied the same firewall policy for both switch and APs (allowed HTTP and HTTPS, DNS, DHCP and NTP) and default is deny.

I can ping outside, but the DNS does not work. If I permit all traffic, then DNS works?

I use 8.8.8.8 and 8.8.4.4 as DNS.

Any ideas?

Regards
Bin