Summit WM3000 Series Controller System Reference Guide 511
A wired Host (Host-1) on the trusted side is not able to connect
to a Wireless Host (Host-2) or Wired Host (Host-3) on the
untrusted side
1 Check that IP Ping from Host1 to the Interface on the Untrusted Side of the controller works.
2 If it works then there is no problem in connectivity.
3 Now check whether Host-1 and Host-2/Host-3 are on the same IP subnet.
If not, add proper NAT entries for configured LANs under FireWall context.
4 Once step 3 is completed, check again, that IP Ping from Host1 to the Interface on the Untrusted Side
of the controller works.
If it works then problem is solved.
Disabling of telnet, ftp and web traffic from hosts on the untrusted side does not
work.
1 Check the configuration for the desired LAN under FW context (which is under configure context).
CLI - configure fw <LAN_Name>
2 Check whether ftp, telnet and web are in the denied list. In this case, web is https traffic and not
http.
3 Ensure that "network policy" and "Ethernet port" set to the LAN is correct.
How to block the request from host on untrusted to host on trusted side based on
packet classification.
1 Add a new Classification Element with required Matching Criteria
2 Add a new Classification Group and assigned the newly created Classification Element. Set the
action required.
3 Add a new Policy Object. This should match the direction of the packet flow i.e. Inbound or
Outbound.
4 Add the newly created PO to the active Network Policy.
5 Associate WLAN and Network Policy to the active Access Point Policy.
Any request matching the configured criteria should take the action configured in the Classification
Element.
To Next Page
Loading...