Firewall on prem - Login for some local users only from LAN
Hello everyone,
I have some on prem installations where I want to limit specific users to login to admin the webUI only if they are in LAN1.
I tried different Policy Rules but I can still login with those users when contacting the firewall via WAN.
How is it possible to have this working properly?
Thanks in advance
All Replies
-
You can limit logon for a given LAN in system > WWW like this
backup first
0 -
Hi @GiuseppeR
If you want to restrict the admin service to HTTPS only, go to CONFIGURATION > System > WWW and limit the HTTP service.
With this configuration, logging in to the device GUI via HTTP will be denied.
Kay
Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP
0 -
I need to logon also remotely via HTTPS page, I need to know if it is possible to have a group of users that could logon only from LAN1.
you can limit by IP too if you try to login from any other IP you be denied
or are you needing to limit to WAN or from VPN?
0 -
Hello @Zyxel_Kay & @PeterUK
thanks for the tips, but what I was looking for is something different.
I desire to have a policy where I can force the ZyWALL to accept remote connections ONLY from some specific users.
So I can have:
- Admin1
- Admin2
- Admin3
And ONLY Admin1 is able to connect via HTTPS to ZyWALL from WAN.
Admin2 and Admin3 are inside a group "Local_Admin" and these Admin* are able to logon only if they are inside LAN.
I tried to setup this limitation inside Security Policy but the firewall did not deny the access for that specific group "Local_Admin".
0 -
Devices on a LAN not connected by VPN don't have a user name you can only use Security Policy user option if the client makes a connection by VPN to Zywall
0 -
Yes from IP but it does not know the user so you can have a Security Policy like
from LAN1
to zywall
source 192.168.255.250
service HTTPS
note their is a default rule that might be enabled to allow all from LAN1 to zywall you need to disable
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight