Aruba Central Online Help

Firewall

Firewall logging monitors traffic coming into and going out of the Aruba Central-managed network and acts as an investigative resource for tracking blocked sessions within the network. The Manage > Security > Firewall tab provides a detailed summary of all blocked sessions on the Gateway, aggregated by source IP, destination IP, destination port, and protocol. It also logs the blocked sessions reported by the Gateways connected in the network, and lets you audit, verify, and analyze the effects of your firewall rules. You can also analyze the sessions using the chart displayed in the Blocked Sessions pane. Historical firewall activity with blocked sessions is displayed on a 3-hour timeline.

Enabling Firewall Visibility on Gateway Config

To view the graphs on the Blocked Sessions pane, the Firewall Visibility service must be enabled. To enable the Firewall Visibility service, complete the following steps:

  1. In the Network Operations app, select one of the following options:

    To select a Branch Gateway group in the filter:

    1. Set the filter to a group. The dashboard context for the group is displayed.
    2. Under Manage, click Devices > Gateways.

      The dashboard context for the gateway is displayed.

    To select a Branch Gateway in the filter:

    1. Set the filter to Global.
    2. Under Manage, click Devices > Gateways.

      A list of gateways is displayed in the List view.

    3. Click a gateway under Device Name.
      The dashboard context for the gateway is displayed.
    4. Under Manage, click Device > Gateway.
  2. Click the Config icon. The gateway configuration page is displayed.
  3. Click Show Advanced.
  4. Click Security > Application. The Applications page is displayed.
  5. In the Applications page, click Application Visibility arrow and select the Firewall visibility check box to enable the service.
  6. Click Save Settings.

Firewall Dashboard

The Manage > Security > Firewall > Blocked Sessions dashboard provides graphical and tabular representations of all the session activities belonging to Gateways managed by Aruba Central:

  • Graphical view displays a bar graph that represents the session activities of a gateway over time.
  • Tabular view displays the session activities of a gateway in detail.

The complete session information is summarized at the gateway level and then enriched at Central before it is displayed on the dashboard. Enrichments include the client (an endpoint connected to the network by wire or wirelessly), the associated network segment, application details including the application category, uplink information (the outbound connection used), and policy information. All session activities are scoped by time and space. From a time perspective, the dashboard displays session activities covering up to 3 hours of historical data. From a space perspective, it covers the global customer-managed network level and the specific gateway level.

The session entries that are denied access are displayed in the dashboard to help network administrators understand the reason for a session being denied or blocked due to a policy.

A session can be blocked because one or more of the following policies are configured and enabled:

  • IP Reputation
  • Geographical location-based policies
  • Application Reputation
  • Application Classification
  • Content in the web site or application
  • Missed classifications and the traditional network
  • Session and role access control lists

Viewing Blocked Sessions in Chart View

To view the Blocked Sessions in chart view, complete the following steps:

  1. In the Network Operations app, select one of the following options:

    To select all devices, set the filter to Global. The dashboard context for the global filter is displayed.

    To select a Branch Gateway in the filter:

    1. Set the filter to Global.
    2. Under Manage, click Devices > Gateways. A list of gateways is displayed in the List view.
    3. Click a gateway under Device Name. The dashboard context for the gateway is displayed.
  2. Under Manage, click Security > Firewall tab.

If the filter is set to Global, the Blocked Sessions section displays the blocked sessions in the following charts:

  • Blocked sessions over time—The histogram in this chart displays blocked sessions over time for a gateway. Hover over the histogram to view the number of blocked sessions for each time range.
  • Most Affected Gateways—The chart displays the top 10 gateways with the most blocked sessions for the selected time scope. Hover over a horizontal bar to view the number of blocked sessions for that gateway. Click a horizontal bar to drill down to that gateway in the Blocked Sessions table.
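The aggregation described above (grouping blocked sessions by source IP, destination IP, destination port and protocol, keeping a count and a last-seen time, restricted to a 3-hour window) and the two charts (sessions over time, most affected gateways) can be reproduced offline over exported deny records. The following is an added example written for this page, not Aruba Central code or its export format; the record layout and the sample data are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of denied-session records (gateway, client IP, destination IP,
# destination port, protocol, timestamp). Not real export data and not Central's format.
SAMPLE = [
    ("gw-branch-1", "10.1.1.20", "203.0.113.7", 443, "TCP", "2024-05-01T09:05:00"),
    ("gw-branch-1", "10.1.1.20", "203.0.113.7", 443, "TCP", "2024-05-01T09:40:00"),
    ("gw-branch-1", "10.1.1.21", "203.0.113.9", 53, "UDP", "2024-05-01T10:10:00"),
    ("gw-branch-2", "10.2.1.5", "198.51.100.4", 22, "TCP", "2024-05-01T10:50:00"),
    ("gw-branch-2", "10.2.1.5", "198.51.100.4", 22, "TCP", "2024-05-01T11:30:00"),
    ("gw-branch-2", "10.2.1.5", "198.51.100.4", 22, "TCP", "2024-05-01T06:00:00"),  # outside 3 h
]

WINDOW = timedelta(hours=3)  # the dashboard shows up to 3 hours of history

def in_window(records, now_iso):
    """Keep only sessions inside the 3-hour historical window ending at now_iso."""
    now = datetime.fromisoformat(now_iso)
    return [r for r in records if now - WINDOW <= datetime.fromisoformat(r[5]) <= now]

def aggregate(records):
    """Aggregate by source IP, destination IP, destination port and protocol,
    returning (Count, Last session time) per key, as the Blocked Sessions table does."""
    count, last = Counter(), {}
    for _gw, src, dst, port, proto, ts in records:
        key = (src, dst, port, proto)
        count[key] += 1
        last[key] = max(last.get(key, ts), ts)  # ISO strings sort chronologically
    return {k: (count[k], last[k]) for k in count}

def most_affected_gateways(records, top=10):
    """Top-N gateways by blocked sessions (the Most Affected Gateways chart)."""
    return Counter(r[0] for r in records).most_common(top)

def sessions_over_time(records, bucket=timedelta(minutes=30)):
    """Count blocked sessions per fixed interval (the Blocked sessions over time chart)."""
    hist = Counter()
    for r in records:
        t = datetime.fromisoformat(r[5])
        start = t - (t - datetime.min) % bucket  # floor t to the bucket boundary
        hist[start.isoformat()] += 1
    return dict(sorted(hist.items()))

if __name__ == "__main__":
    recent = in_window(SAMPLE, "2024-05-01T12:00:00")
    for key, (n, ts) in aggregate(recent).items():
        print(n, ts, *key)
    print(most_affected_gateways(recent))
    print(sessions_over_time(recent))
```

Feeding the same records with a narrower window or a different bucket size shows how the count and last-session values change, which is useful when checking a dashboard figure against raw gateway logs.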

Viewing Blocked Sessions in Tabular View

To view Blocked Sessions in tabular view for a device, click the List icon in the top right corner of the Firewall page. The blocked sessions are displayed in tabular view with the following data pane items and their descriptions:

  • Count: Displays the aggregated sessions.
  • Last session time: Displays the timestamp of the last aggregated session.
  • Client: Displays the MAC address of the device. Click the client MAC address hyperlink to view the corresponding client Summary page.
  • Source:
    • Address: Displays the IP address of the client device that initiated this session.
  • Destination:
    • Address: Displays the destination IP address of this session.
    • Port: Displays the destination port.
  • Protocol: Displays the communication protocol used.
  • Application: Displays the application identified for this session.
    NOTE: This column may be empty if the session is denied prior to application classification.
  • Domain: Displays the derived domain of the destination application or URL.
  • Application Category: Displays the application category.
    NOTE: This column may be empty if the session is denied prior to application categorization.
  • WebCC Category: Displays the WebCC category.
  • VLAN: Displays the VLAN associated with the initiating client device session.
  • ACL:
    • User Role: Determines the user's network privileges based on the assigned user role.
    • Access Rule: Indicates the assigned rule. Hover over the access rule for any session to display the Role, Policy, and Rule applied for that session.
    • Policy: Indicates the policies assigned to the users.
  • Autofit Columns: Adjusts the column widths of the table to fit the page evenly.
  • Reset to default: Resets the table view to the default columns.