
Siemens SCALANCE W1750D UI User Manual

Roles and Policies
15.1 Firewall Policies
SCALANCE W1750D UI
248 Configuration Manual, 02/2018, C79000-G8976-C451-02
4. To create a new rule for the network, click New. To create an access rule for a user role,
select the user role and then click New. The New Rule window is displayed.
5. In the New Rule window, perform the following steps:
  – Select Access control from the Rule type drop-down list.
  – Select Source-NAT from the Action drop-down list, to allow for making changes to the
    source IP address.
  – Select a service from the list of available services.
    Default: All client traffic by default will be directed to the native VLAN.
    Tunnel: All network-based traffic will be directed to the VPN tunnel.
    VLAN: All client-based traffic will be directed to the specified uplink VLAN using the IP
    address of the interface that the AP has on that VLAN. If the interface is not found, this
    option has no effect.
  – Select the required option from the Destination drop-down list.
  – If required, enable other parameters such as Log, Blacklist, Classify media, Disable
    scanning, DSCP tag, and 802.1p priority.
  – Click OK.
6. Click Finish.
In the CLI
To configure source-NAT access rule:
(scalance)(config)# wlan access-rule <access_rule>
(scalance)(Access Rule "<access_rule>")# rule <dest> <mask> <match> <protocol> <sport> <eport> src-nat [vlan <vlan_id>|tunnel]
(scalance)(Access Rule "<access_rule>")# end
(scalance)# commit apply
Configuring Policy-Based Corporate Access
To allow different forwarding policies for different SSIDs, you can configure policy-based
corporate access. The configuration overrides the routing profile configuration and allows
any destination or service to be configured to have direct access to the Internet (bypassing
the VPN tunnel) based on the ACL rule definition. When policy-based corporate access is
enabled, the VC performs source-NAT by using its uplink IP address.
To configure policy-based corporate access:
1. Ensure that an L3 subnet with netmask, gateway, VLAN, and IP address is configured.
For more information on configuring L3 subnet, see Configuring L3-Mobility (Page 455).
2. Ensure that the source IP address is associated with the IP address configured for the L3
subnet.
3. Create an access rule for the SSID profile with Source-NAT action as described in
Configuring a Source-NAT Access Rule. The source-NAT pool is configured and
corporate access entry is created
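
Because a source-NAT rule without the tunnel option sends traffic out directly instead of through the VPN tunnel, it is worth reviewing which access rules carry that action. The following script is an added example, not part of the Siemens manual: it parses rules written in the CLI syntax shown above and reports where each src-nat rule egresses. The sample configuration, the rule names, and the assumption that a saved configuration lists rules indented under their wlan access-rule line are constructed for illustration.

```python
import re

# Constructed sample; layout assumed to mirror the CLI commands shown on this page.
SAMPLE_CONFIG = """\
wlan access-rule corp-ssid
 rule any any match any any any src-nat
 rule 10.20.0.0 255.255.0.0 match tcp 443 443 src-nat tunnel
wlan access-rule guest-ssid
 rule any any match udp 53 53 src-nat vlan 200
 rule any any match any any any permit
"""

ROLE_RE = re.compile(r'^wlan access-rule\s+"?([^"]+?)"?\s*$')
# rule <dest> <mask> <match> <protocol> <sport> <eport> src-nat [vlan <vlan_id>|tunnel]
RULE_RE = re.compile(
    r"^rule\s+(?P<dest>\S+)\s+(?P<mask>\S+)\s+(?P<match>\S+)\s+(?P<protocol>\S+)\s+"
    r"(?P<sport>\S+)\s+(?P<eport>\S+)\s+src-nat(?:\s+(?P<egress>vlan\s+\d+|tunnel))?$"
)

def audit_src_nat(config_text):
    """Return one finding per src-nat rule found inside a wlan access-rule stanza."""
    findings, role = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():
            # Top-level line: either opens an access-rule stanza or ends the current one.
            m = ROLE_RE.match(line)
            role = m.group(1) if m else None
            continue
        r = RULE_RE.match(line)
        if role is None or r is None:
            continue  # not a src-nat rule, or not inside an access-rule stanza
        egress = " ".join((r.group("egress") or "default").split())
        findings.append({
            "role": role,
            "dest": (r.group("dest"), r.group("mask")),
            "service": (r.group("protocol"), r.group("sport"), r.group("eport")),
            "egress": egress,
            # Only the tunnel option sends NATed traffic into the VPN tunnel.
            "leaves_outside_tunnel": egress != "tunnel",
            "any_destination": r.group("dest") == "any" and r.group("mask") == "any",
        })
    return findings

if __name__ == "__main__":
    for f in audit_src_nat(SAMPLE_CONFIG):
        flag = "REVIEW" if f["leaves_outside_tunnel"] and f["any_destination"] else "ok"
        print(f'{flag:6} {f["role"]:11} {f["dest"]} {f["service"]} -> {f["egress"]}')
```

Rules flagged REVIEW match any destination and leave outside the tunnel, which is the broadest form of the direct Internet access described in this section.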
