From the left-hand menu, select Organization to expand its dropdown menu, and select ACL Groups.
From the top right of the page, select the blue button, +Create New ACL.
Name your ACL policy under Group Name.
Select the devices, tags, or network policies you wish to apply the ACL rules to, under AP / AP Tags / Network.
Select logging options for the ACLs.
Configure your Layer 3 ACL rules:
  Policy
  Protocol
  Src details
    Uplink - For the field Src Uplink Type, the option ALL includes the LAN and Wifi.
    IP/Domain
    Bitmask
  Dst details
    Uplink - For the field Dst Uplink Type, the option ALL includes the LAN and Wifi.
    IP/Domain
    Bitmask
    Dst Port
  Enable - Yes or No
  Log - Yes or No
A few additional recommendations when configuring this feature:
Traffic is matched against the ACL rules from top to bottom.
There is no implicit ‘Deny All’ at the end of the rules, so any packet that does not match any rule is allowed to pass through.
You may use domains (websites) instead of IP addresses in the Src IP/Domain and Dst IP/Domain fields. If a domain is added (e.g. Yahoo.com), its subdomains are also matched (e.g. mail.yahoo.com, news.yahoo.com).
ACL rules primarily apply to routed traffic.
If adding ACL rules based on domain names, go to Configuration, Network, and in the SSID/VLAN sections, under IP Configuration, DNS Mode, choose ‘Use ISP(Default)’.
Ports can be configured as a single port number (e.g. 80) or a range of ports (e.g. 5001:6000).
Configure your Layer 7 ACL rules:
  Policy
  Uplink Type
  Src IP & Bitmask
  Category of Layer 7
  Specific Application
Once you’ve finished creating your rules, select the green button Create ACL Group.
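
The following sketch models the Layer 3 matching behaviour described in the recommendations above (top-to-bottom order, no implicit ‘Deny All’, subdomain matching, single ports and port ranges) so a rule set can be checked for traffic that falls through unmatched. It is an added example, not the vendor's code: the rule dictionary keys, the sample rules and the first-match-wins assumption are hypothetical, and only the destination side is modelled.

```python
import ipaddress

# Constructed sample rules; the dict keys are hypothetical, not a product export format.
RULES = [
    {"policy": "allow", "protocol": "tcp", "dst": "10.0.20.0", "bitmask": 24, "dst_port": "443", "enable": True},
    {"policy": "deny", "protocol": "tcp", "dst": "yahoo.com", "bitmask": None, "dst_port": "80", "enable": True},
    {"policy": "deny", "protocol": "udp", "dst": "0.0.0.0", "bitmask": 0, "dst_port": "5001:6000", "enable": True},
]

def port_matches(spec, port):
    """Single port ("80") or range ("5001:6000"), as described on the page."""
    if ":" in spec:
        low, high = (int(p) for p in spec.split(":"))
        return low <= port <= high
    return int(spec) == port

def dst_matches(rule, dst_ip, dst_host):
    """IP/bitmask match, or a domain match that also covers subdomains."""
    if rule["bitmask"] is None:  # domain rule (assumption: no bitmask is set for domains)
        domain = rule["dst"].lower().rstrip(".")
        host = (dst_host or "").lower().rstrip(".")
        return host == domain or host.endswith("." + domain)
    net = ipaddress.ip_network(f'{rule["dst"]}/{rule["bitmask"]}', strict=False)
    return ipaddress.ip_address(dst_ip) in net

def evaluate(rules, protocol, dst_ip, dst_port, dst_host=None):
    """Walk the rules top to bottom; the first enabled match is assumed to decide."""
    for index, rule in enumerate(rules, start=1):
        if not rule["enable"] or rule["protocol"] != protocol:
            continue
        if dst_matches(rule, dst_ip, dst_host) and port_matches(rule["dst_port"], dst_port):
            return rule["policy"], index
    return "allow", None  # no implicit 'Deny All': unmatched traffic passes

def fall_through(rules, flows):
    """Flows that no rule matched, i.e. allowed only because nothing denied them."""
    return [f for f in flows if evaluate(rules, **f)[1] is None]

# Constructed probe flows to check a rule set before creating the ACL group.
PROBES = [
    {"protocol": "tcp", "dst_ip": "10.0.20.5", "dst_port": 443},
    {"protocol": "tcp", "dst_ip": "203.0.113.10", "dst_port": 80, "dst_host": "mail.yahoo.com"},
    {"protocol": "udp", "dst_ip": "198.51.100.7", "dst_port": 53},
]
```

Calling fall_through(RULES, PROBES) returns the probes that would pass only because the list has no final catch-all rule; if that result is not what you intend, add an explicit deny rule at the bottom of the list.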