Cloud Managed Networks

  • 1.  New Central and source ports in ACLs

    Posted Apr 15, 2026 06:04 AM

    Good day everyone!

    I have been struggling with this for a couple of hours. Our customer wants to apply a restrictive control plane policy that among other things needs to allow reply packets to HTTPS connections.

    In Classic Central we did this via Multiedit and configuring an ACE for which the source and destination were "any eq 443 any".

    In New Central we don't have Multiedit and the ACL GUI only allows us to select source, destination and "protocol and port", which is always applied to the destination.

    Is there any way to do this in New Central?



    -------------------------------------------


  • 2.  RE: New Central and source ports in ACLs

    Posted Apr 30, 2026 03:54 AM

    Do you mean something like this?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: New Central and source ports in ACLs

    Posted 26 days ago
    Edited by JaimeVS 26 days ago

    Hi. Sorry for the delay. If I'm not mistaken, that screenshot you show there is filtering the destination, not the source port, isn't that correct?

    -------------------------------------------



  • 4.  RE: New Central and source ports in ACLs

    Posted 25 days ago

    Can you provide the product line this is going to? It looks like APIs can probably push the source port for switches.

    -------------------------------------------



  • 5.  RE: New Central and source ports in ACLs

    Posted 21 days ago

    Yes, it's possible via the API only at this moment. Here is an example:

    #policy name is source-port in this example
    
    URI: {{baseUrl}}/network-config/v1alpha1/policies/source-port
    {
        "name": "source-port",
        "type": "POLICY_NETWORK_ACL",
        "dsf-enable": false,
        "association": "ASSOCIATION_INTERFACE",
        "description": "source-port",
        "security-policy": {
            "type": "SECURITY_POLICY_TYPE_DEFAULT",
            "policy-rule": [
                {
                    "position": 1,
                    "condition": {
                        "rule-type": "RULE_TCP",
                        "transport-fields": {
                            "source-port": {
                                "operator": "COMPARISON_EQ",
                                "min": 443
                            },
                            "established": false
                        },
                        "source": {
                            "type": "ADDRESS_ANY"
                        },
                        "destination": {
                            "type": "ADDRESS_ANY"
                        },
                        "ip-header": {
                            "protocol": "IP_TCP"
                        }
                    },
                    "action": {
                        "type": "ACTION_ALLOW",
                        "secondary-actions": {
                            "log": false,
                            "count": false
                        }
                    }
                }
            ]
        }
    }
    


    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------
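
An added example, not part of the thread and not HPE Aruba code: a small Python check that reads a policy body shaped like the one posted above and flags allow rules that match TCP on source port alone, which is the review a restrictive control plane policy would want before the body is pushed. It assumes that `"established": true` limits the rule to packets of already-established connections, as the `established` keyword does in switch ACL CLIs; the thread does not confirm this for the API, and `audit_policy` is a hypothetical helper name.

```python
import json

# Constructed sample: the rule from the post above, trimmed to the fields
# this check reads. Field names and values are the ones shown on the page.
POLICY_JSON = """
{
  "name": "source-port",
  "security-policy": {
    "policy-rule": [
      {
        "position": 1,
        "condition": {
          "rule-type": "RULE_TCP",
          "transport-fields": {
            "source-port": {"operator": "COMPARISON_EQ", "min": 443},
            "established": false
          },
          "source": {"type": "ADDRESS_ANY"},
          "destination": {"type": "ADDRESS_ANY"}
        },
        "action": {"type": "ACTION_ALLOW"}
      }
    ]
  }
}
"""


def audit_policy(policy):
    """Return (position, message) findings for source-port-based allow rules."""
    findings = []
    for rule in policy.get("security-policy", {}).get("policy-rule", []):
        cond = rule.get("condition", {})
        tf = cond.get("transport-fields", {})
        if (rule.get("action", {}).get("type") != "ACTION_ALLOW"
                or cond.get("rule-type") != "RULE_TCP" or "source-port" not in tf):
            continue
        pos = rule.get("position")
        # Assumption: "established": true restricts the match to reply traffic.
        if not tf.get("established", False):
            findings.append((pos, "matches new connections as well as replies"))
        if all(cond.get(k, {}).get("type") == "ADDRESS_ANY" for k in ("source", "destination")):
            findings.append((pos, "source and destination are both ADDRESS_ANY"))
    return findings


if __name__ == "__main__":
    for pos, msg in audit_policy(json.loads(POLICY_JSON)):
        print(f"rule {pos}: {msg}")
```

On the posted body this reports two findings for rule 1: the rule is stateless, and it is not scoped to any address.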