we are using policy manager with extreme wireless controller happily, however, i have a scenario that i am unable to deal with,
- rule action is contain to vlan.
- we allow specific IP sockets from PM.
- we deny all private IP ranges , so that users gain internet access but no access to local resources.
this is workign fine, the rouble came when we have been asked to allow ICMP to specif IPs, when we allow the protocal ICMP, it is ordered below the deny statements in the wireless controller (so it does not take effect) , and also i did not find a way to limit ICMP it to specific IP address destination.