1. Log in to cloud.prontonetworks.com

  2. From the left hand menu, select Organisation to expand its dropdown menu, and select ACL Groups.

  3. From the top right of the page, select the blue button, +Create New ACL.

  1. Name your ACL policy under Group Name.

  1. Select the devices, tags, or network policies you wish to apply the ACL rules to, under AP / AP Tags / Network.

Configure your ACL rules with the following in mind:

  • Src = Source

  • Dst = Destination

  • Traffic is matched by the ACL rules top to bottom.

  • There is no implicit ‘Deny All’ at the end of the rules. So any packet not matching any rules would be allowed to pass through.

  • You may use domains (websites) instead of IP addresses for the fields  Src IP/DomainDst IP/Domain. If the domain is added, (ex. Yahoo.com), then the corresponding subdomains are also matched(ex, mail.yahoo.com, news.yahoo.com etc)

  • For the fields Src Uplink Type/Dst Uplink Type, the option ALL includes the LAN and Wifi. 

  • ACL rules primarily apply for routed traffic.

  • Under ConfigurationNetwork, for the SSID/VLAN sections, IP ConfigurationDNS Mode, choose ‘Use ISP(Default)’ if adding ACL rules  based on domain names

  • The Ports can be configured as a single port number(ex. 80) or a range of ports.(ex. 5001:6000).

  1. Once you’ve finished creating your rules, select the green button Create ACL Group.