ExtremeSwitching (EXOS)

  • 1.  Help writing a flow redirect acl

    Posted 08-14-2017 19:09
    What I am attempting to do is to push any outbound port 80 traffic (https too but not in this example) to the internet with a flow redirect command but skip if the traffic is local. So here's what I have so far: the ** are comments for the sake of this post. Does this make sense?

    ACL

    entry Allhttp {
    if {
    protocol tcp;
    source-address 10.234.0.0/16;
    destination-address 10.234.0.0/16;
    source-port 80;
    }
    then {
    Deny; ** in essence skip
    }

    ** so if not the above do this.

    if {
    protocol tcp;
    source-address 10.234.0.0/16;
    source-port 80;
    }
    then {

    redirect-name ToBluecoat;
    count WebHTTP;
    }
    }



  • 2.  RE: Help writing a flow redirect acl

    Posted 08-15-2017 04:04
    Hi Dave,

    The rules which you have mentioned need to be modified a bit.

    Instead of "deny", using the "permit" action modifier will apply the normal forwarding logic.

    All the below rules must be in the same policy file.

    Here is a sample.
    # same subnet, http traffic: forward normally
    entry HTTP_PACKETS_TO_10.234.0.0 {
        if match all {
            protocol tcp;
            destination-port 80;
            source-address 10.234.0.0/16;
            destination-address 10.234.0.0/16;
        } then {
            permit;
        }
    }

    # same subnet but matching https traffic
    entry HTTPS_PACKETS_TO_10.234.0.0 {
        if match all {
            protocol tcp;
            destination-port 443;
            source-address 10.234.0.0/16;
            destination-address 10.234.0.0/16;
        } then {
            permit;
        }
    }

    # http traffic from the subnet to any other destination: redirect
    entry HTTP_to_other_than_10.234.0.0/16 {
        if match all {
            protocol tcp;
            destination-port 80;
            source-address 10.234.0.0/16;
        } then {
            redirect-name ToBluecoat;
            count WebHTTP;
        }
    }

    # https traffic from the subnet to any other destination: redirect
    entry HTTPS_to_other_than_10.234.0.0/16 {
        if match all {
            protocol tcp;
            destination-port 443;
            source-address 10.234.0.0/16;
        } then {
            redirect-name ToBluecoat;
            count WebHTTPS;
        }
    }

    Here is an article on how to configure flow redirect.
    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-flow-redirect

    I hope this helps!
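
The policy in the reply above depends on entry order: the two permit entries for local destinations have to be evaluated before the broader redirect entries, because the first matching entry decides the action. The Python sketch below is an added example, not part of the original thread and not Extreme's code; it models the four entries in simplified form (the first-match model and the helper names `evaluate` and `shadowed_entries` are assumptions of this example) and flags entries that an earlier, broader entry makes unreachable.

```python
import ipaddress

LOCAL = ipaddress.ip_network("10.234.0.0/16")

# The four entries from the reply, in file order.
# Simplified model: every entry matches tcp from 10.234.0.0/16, so each row
# only records (name, destination port, destination network or None, action).
POLICY = [
    ("HTTP_PACKETS_TO_10.234.0.0", 80, LOCAL, "permit"),
    ("HTTPS_PACKETS_TO_10.234.0.0", 443, LOCAL, "permit"),
    ("HTTP_to_other_than_10.234.0.0/16", 80, None, "redirect:ToBluecoat"),
    ("HTTPS_to_other_than_10.234.0.0/16", 443, None, "redirect:ToBluecoat"),
]

def evaluate(policy, src, dst, dport, proto="tcp"):
    """Return (entry name, action) of the first entry that matches the packet."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, port, dst_net, action in policy:
        if proto != "tcp" or dport != port or src_ip not in LOCAL:
            continue
        if dst_net is not None and dst_ip not in dst_net:
            continue
        return name, action
    return None, "no-match"  # no entry in this policy applies to the packet

def shadowed_entries(policy):
    """Names of entries that can never match because an earlier entry on the
    same port covers the same or a wider destination range."""
    hidden = []
    for i, (name, port, dst_net, _) in enumerate(policy):
        for _, p_port, p_net, _ in policy[:i]:
            covers = p_net is None or (dst_net is not None and dst_net.subnet_of(p_net))
            if p_port == port and covers:
                hidden.append(name)
                break
    return hidden

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, destination port)
    for pkt in [("10.234.1.5", "10.234.9.9", 80), ("10.234.1.5", "93.184.216.34", 443)]:
        print(pkt, "->", evaluate(POLICY, *pkt))
    misordered = POLICY[2:] + POLICY[:2]  # redirect entries placed first
    print("unreachable when misordered:", shadowed_entries(misordered))
```

Run against the entry order you actually plan to load: an empty result from `shadowed_entries` means no permit entry is hidden behind a redirect entry.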


  • 3.  RE: Help writing a flow redirect acl

    Posted 08-15-2017 22:07
    Perfect!! Thank you. I'll test it later this week.