How to block access to management Web UI to NSG50

Options
I have setup a server on our network and have a DNS address linked to our IP so external users can access this device. However, when users on the network go to the link they are redirected to the router management page. Users from outside the network are automatically pointed to the device I want it to. How can I stop the devices on the local network from automatically forwarding to this? How can I change the WebUI port to something else? We use Zyxel Nebula to manage our equipment.

All Replies

  • Zyxel_Ivan
    Zyxel_Ivan Posts: 259  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Dear @sfalketrinity , Here's an article for your reference:https://community.zyxel.com/en/discussion/4355/nebula-how-to-protect-my-network-nsg-by-using-firewall-rules-on-nsgAnd you can block the HTTP/HTTPS traffic which from the local network IP to NSG LAN IP. Thanks, Ivan
  • sfalketrinity
    Options
    I tried all of those methods and I am still faced with the same problem. We are able to access the server remotely just fine. However, when we try to access it using the Public IP address (which is tied to our domain) from the local network, it automatically redirects to the WebUI for the gateway. I even changed the port on the server to an arbitrary number and wasn't even able to get anything. Can I change the local WebUI management port so it doesn't interfere with 443 or 80?
  • mMontana
    mMontana Posts: 1,302  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited January 2023
    Options
    Yes you can.
    Screenshots come from USG40 4.73 but the path should be similar; dont' forget to correctly configure security policy before proceed and download the latest configuration.
    Bad configuration of the device can lock you out, without allowing you to connect; having an accessible configuration backup will speedup a lot the restore.

    Access to "WWW"

    Then manage the port used from the web management changing them for HTTPS and HTTP.
    I'd disable HTTP access from WAN.


  • sfalketrinity
    Options
    Since our equipment is Nebula cloud controlled, the opens that you show with the WWW settings aren't there. Is there an option for this in the Nebula controller? 
  • Zyxel_Melen
    Zyxel_Melen Posts: 1,647  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @sfalketrinity,

    So you have setup the NAT rule but when local client tries to access the server will redirect to NSG web GUI?
    Could you enable Zyxel support for me to check the configuration? Also needs you provide the org name with me.
    Please go to Help center > Support Request > Zyxel support access to enable and save. 

    Zyxel Melen

Nebula Tips & Tricks