How to block access to management Web UI to NSG50

I have setup a server on our network and have a DNS address linked to our IP so external users can access this device. However, when users on the network go to the link they are redirected to the router management page. Users from outside the network are automatically pointed to the device I want it to. How can I stop the devices on the local network from automatically forwarding to this? How can I change the WebUI port to something else? We use Zyxel Nebula to manage our equipment.

All Replies

  • Zyxel_Ivan
    Zyxel_Ivan Posts: 298  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Dear @sfalketrinity , Here's an article for your reference:https://community.zyxel.com/en/discussion/4355/nebula-how-to-protect-my-network-nsg-by-using-firewall-rules-on-nsgAnd you can block the HTTP/HTTPS traffic which from the local network IP to NSG LAN IP. Thanks, Ivan
  • I tried all of those methods and I am still faced with the same problem. We are able to access the server remotely just fine. However, when we try to access it using the Public IP address (which is tied to our domain) from the local network, it automatically redirects to the WebUI for the gateway. I even changed the port on the server to an arbitrary number and wasn't even able to get anything. Can I change the local WebUI management port so it doesn't interfere with 443 or 80?
  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    edited January 2023
    Yes you can.
    Screenshots come from USG40 4.73 but the path should be similar; dont' forget to correctly configure security policy before proceed and download the latest configuration.
    Bad configuration of the device can lock you out, without allowing you to connect; having an accessible configuration backup will speedup a lot the restore.

    Access to "WWW"

    Then manage the port used from the web management changing them for HTTPS and HTTP.
    I'd disable HTTP access from WAN.


  • Since our equipment is Nebula cloud controlled, the opens that you show with the WWW settings aren't there. Is there an option for this in the Nebula controller? 
  • Zyxel_Melen
    Zyxel_Melen Posts: 2,305  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    Hi @sfalketrinity,

    So you have setup the NAT rule but when local client tries to access the server will redirect to NSG web GUI?
    Could you enable Zyxel support for me to check the configuration? Also needs you provide the org name with me.
    Please go to Help center > Support Request > Zyxel support access to enable and save. 

Nebula Tips & Tricks