Established traffic from VLAN 30 to VLAN 150 is allowed when this comes from VLAN 150.

Publication Date: 2018-02-28
Issue Description

The customer wants to configure an access list that drops all traffic from VLAN 30 (web server VLAN) to VLAN 150 (management VLAN). Established traffic from VLAN 30 to VLAN 150 is allowed when the session was initiated from VLAN 150.


Solution

This scenario can be achieved on CloudEngine only if the customer is using TCP for communication.

The customer can configure a TCP established policy that denies traffic initiated by VLAN 30 toward VLAN 150. Traffic initiated by VLAN 150, together with the replies from VLAN 30, is permitted.
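The following added example (not part of the original article and not device configuration) models the matching logic described above in Python. It assumes the common ACL definition of "established", a TCP segment with ACK or RST set, and uses constructed subnets for the two VLANs; the function and variable names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not from the article).
VLAN30 = ip_network("10.0.30.0/24")    # web server VLAN
VLAN150 = ip_network("10.0.150.0/24")  # management VLAN

ACK, RST, SYN = 0x10, 0x04, 0x02       # TCP header flag bits

@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    flags: int = 0      # TCP flags; ignored for other protocols

def is_established(pkt):
    """Stateless 'established' match (assumed definition): ACK or RST set."""
    return pkt.proto == "tcp" and bool(pkt.flags & (ACK | RST))

def filter_vlan30_to_vlan150(pkt):
    """Return 'permit' or 'deny' for one packet."""
    to_mgmt = ip_address(pkt.src) in VLAN30 and ip_address(pkt.dst) in VLAN150
    if not to_mgmt:
        return "permit"              # outside the scope of this policy
    if is_established(pkt):
        return "permit"              # reply to a session opened from VLAN 150
    return "deny"                    # anything VLAN 30 initiates

SAMPLES = {  # constructed packets
    "syn_from_web": Packet("10.0.30.10", "10.0.150.5", "tcp", SYN),
    "synack_reply": Packet("10.0.30.10", "10.0.150.5", "tcp", SYN | ACK),
    "data_reply": Packet("10.0.30.10", "10.0.150.5", "tcp", ACK),
    "udp_reply": Packet("10.0.30.10", "10.0.150.5", "udp"),
    "syn_from_mgmt": Packet("10.0.150.5", "10.0.30.10", "tcp", SYN),
}

def verdicts():
    """Evaluate every constructed sample packet against the filter."""
    return {name: filter_vlan30_to_vlan150(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:14} {verdict}")
```

The UDP reply is denied because UDP carries no flags to match, which is why the solution is limited to TCP. The match inspects header flags only and keeps no session table, so it is weaker than a stateful firewall rule.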

 

The configuration is as follows:

1. Configure the traffic classifier.
2. Configure the traffic behavior.
3. Configure ACL 300.
4. Configure traffic classifier 2.
5. Configure traffic behavior test-3.
6. Configure the policy, and set the priority of test-3 higher than that of test.
7. Apply this policy in the outbound direction of VLANIF 30.
8. Configure classifier test-2.
9. Configure behavior test-2.
10. Configure policy test-2.
11. Apply policy test-2 in the outbound direction of VLANIF 150.


