Webaccess vs SSL VPN

KasperLIT
KasperLIT Posts: 2
In regard to the security risk announced last Friday, I'm pondering how to go about restricting WAN web access to the device from my WAN IP without interfering with SSL VPN. I'm currently managing about 50 companies with this setup, and they connect from many different IPs, so I can't really add them all, nor do I want to.
So how do I do this, if it's even possible?

All Replies

  • mMontana
    mMontana Posts: 646  Guru Member
    edited May 18
    IMVHO you missed the update where the webaccess and SSL VPN ports were split.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 289  Zyxel Employee
  • USG_User
    USG_User Posts: 309  Master Member
    Yes, as already said by mMontana above, update to the latest FW and first split to different non-well-known ports for accessing SSL VPN (e.g. 40443) and the Admin web console (e.g. 50443). Further, restrict access to the web console to LAN zones only, which means no access from the WAN interface is possible.

    In our case, when trying to access the USG web interface remotely, I first have to connect to the company LAN by SSL VPN, followed by remotely starting my office computer via a magic network packet, followed by establishing an RDP connection to my computer, from which I finally have access to the USG web console.
  • KasperLIT
    KasperLIT Posts: 2
    Thanks for the info, that was probably the info I missed and surely needed. :smiley:
