Source port + destination address policy

  • Question
  • Updated 2 months ago
  • Answered
Hello,
In NetSight Policy Manager, I would like to create a set of rules to permit traffic based on a source IP + source port AND a destination IP range (e.g. 192.168.1.10:80 → 192.168.2.0/24).
I can't find how. I can permit either an IP source + port source or an IP destination + port destination.
If I create two rules in a service, it acts like an OR, so it permits too much traffic.

The goal is to permit a flow from a server to a specific network (admin). Of course I can permit IP destination + port destination on the client side, but shouldn't I filter on the server side too?

Version: Extreme Management Center 8.1.2.59

Thanks,
Émile

Posted 2 months ago


Tom Currier, Employee


This is dependent on the device type. For devices that support IP to Role mapping (see Policy Manager firmware support on the documentation page) you can do an IP to Role mapping that assigns a policy to manage traffic as you wish.

The mapping will set the role based on the source or destination IP address in the packet, then the policy actions will do permits, denies, contain to vlan as specified in the policy.

This is how you can accomplish an AND feature. Also available is VLAN and MAC to Role mapping, again see the policy features supported in the Firmware Support document on our documentation page.
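
A simplified model of the two approaches discussed in this thread, added here as an example and not taken from either post or from Extreme's software: it compares two independent permit rules in one service (OR) with a role selected by destination IP whose only rule matches source IP + port (AND). The role names, the default-deny behaviour and the sample packets are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

SERVER, SERVER_PORT = ip_address("192.168.1.10"), 80   # values from the question
ADMIN_NET = ip_network("192.168.2.0/24")

def src_rule(p):
    """Permit on IP source + port source."""
    return ip_address(p.src) == SERVER and p.sport == SERVER_PORT

def dst_rule(p):
    """Permit on IP destination range."""
    return ip_address(p.dst) in ADMIN_NET

def service_two_rules(p):
    """Two permit rules in one service: a match on either one permits (OR)."""
    return src_rule(p) or dst_rule(p)

def ip_to_role(p):
    """Hypothetical IP to Role mapping keyed on the destination address."""
    return "to-admin" if ip_address(p.dst) in ADMIN_NET else "default"

# Assumption: each role denies anything its rules do not permit.
ROLE_RULES = {"to-admin": [src_rule], "default": []}

def role_mapped(p):
    """Role chosen by destination, then the role's rule checks the source (AND)."""
    return any(rule(p) for rule in ROLE_RULES[ip_to_role(p)])

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "server:80 -> admin host":  Packet("192.168.1.10", 80, "192.168.2.25", 51514),
    "server:80 -> other net":   Packet("192.168.1.10", 80, "10.0.0.5", 51514),
    "other host -> admin host": Packet("192.168.1.77", 4444, "192.168.2.25", 22),
    "server:22 -> admin host":  Packet("192.168.1.10", 22, "192.168.2.25", 51514),
}

def compare():
    """Return {flow: (permitted by OR service, permitted by role mapping)}."""
    return {n: (service_two_rules(p), role_mapped(p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (by_or, by_and) in compare().items():
        print(f"{name:26} two-rule service={by_or!s:5} role mapping={by_and}")
```

Only the first flow should be permitted; the other three are the excess traffic that the two-rule service lets through.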