Refer to the scenario.
A customer requires these rights for clients in the “medical-mobile†AOS firewall role on Aruba Mobility Controllers (MCs):
Permitted to receive IP addresses with DHCP
Permitted access to DNS services from 10.8.9.7 and no other server
Permitted access to all subnets in the 10.1.0.0/16 range except denied access to 10.1.12.0/22
Denied access to other 10.0.0.0/8 subnets
Permitted access to the Internet
Denied access to the WLAN for a period of time if they send any SSH traffic
Denied access to the WLAN for a period of time if they send any Telnet traffic
Denied access to all high-risk websites
External devices should not be permitted to initiate sessions with “medical-mobile†clients, only send return traffic.
The exhibits below show the configuration for the role.
![](/img/media/HP/HPE6-A84/5.0/aa43fc6a-523a-40f9-bae9-dc72b52a6652.jpg)
There are multiple issues with the configuration.
What is one of the changes that you must make to the policies to meet the scenario requirements? (In the options, rules in a policy are referenced from top to bottom. For example, “medical-mobile†rule 1 is “ipv4 any any svc-dhcp permit,†and rule 8 is “ipv4 any any any permit’.)