
Alcatel-Lucent AOS-W 6.5.3.x - Page 1061

1061| External Services Interface AOS-W 6.5.3.x| User Guide
3. To add a policy for the new role, click Add in the Firewall Policies section. The WebUI expands the Firewall
Policies section.
Choose from existing configured policies, create a new policy based on existing policies, or create a new
policy.
a. If you elect to create a new policy, click on the radio button for Create New Policy and then click
Create. The WebUI displays the Policies tab.
b. In the Policies tab:
Policy Name. Enter the policy name fortinet and the IPv4 Session policy type. Click Add to proceed.
The WebUI expands the Policies tab.
In the drop-down lists, choose parameters such as source, destination, service in the same way as other
firewall policy rules. This example uses any source, any destination, service type svc-http (tcp 80). For
certain choices, the WebUI expands and adds drop-down lists.
c. In the Action drop-down menu, select the redirect to ESI group option.
Select fortinet as the appropriate ESI group.
The three steps above translate to “for any incoming HTTP traffic, going to any destination, redirect the
traffic to servers in the ESI group named fortinet.”
Select both as the traffic direction. Forward refers to the direction of traffic from the untrusted client or
user to the trusted server, such as the HTTP server or email server.
To add this rule to the policy, click Add.
d. Repeat the steps to configure additional rules. This example adds a rule that specifies
any,any,any,permit.
e. Click Done to return to the User Roles tab.
4. Click Apply to apply the configuration changes.
5. Refer to Roles and Policies on page 375, for directions on how to apply a policy to a user role.
In the CLI
Use these commands to define the redirection filter for sending traffic to the ESI server and apply the firewall
policy to a user role in the route-mode ESI topology example.
ip access-listsessionpolicy
anyanyanyredirectesi-groupgroupdirectionbothblacklist
//For any incoming traffic, going to any destination,
//redirect the traffic to servers in the specified ESI group.
anyanyanypermit
//For everything else, allow the traffic to flow normally.
user-rolerole
access-list{eth|mac|session}
bandwidth-contractname
captive-portalname
dialername
pool {l2tp|pptp}
reauthentication-intervalminutes
session-aclname
vlanvlan_id
Syslog Parser Domain and Rules
The following sections describe how to configure the syslog parser domain and rules for the route-mode
example using the WebUI and CLI.
