SSL VPN built, SecurExtender app in use OK. How to turn OFF the Login Screen available via WAN IP?

BBSBassman
BBSBassman Posts: 1
edited April 2021 in Security

I've built an SSL VPN configuration in my USG20W-VPN router, created 2 users & needed objects/services. Downloaded/installed SecurExtender on the remote PC's & laptops. I now want to turn OFF the router login screen that is available to everyone/everywhere via an HTTPS browser session to the WAN IP address. I'm told that port 443 (HTTPS port) must be open to allow the SSL VPN to work. Is this true even AFTER SecurExtender app installed and working OK? Please advise. Seems VERY stupid to leave a full router login screen open to the Internet protected only by the login password...... HELP!

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @BBSBassman

    Welcome to Zyxel Community 😁

    That’s true, the SecuExtender base on that to establish connection.

    If you turn off the www https port, the SecuExtender is unable to establish connection.

    For client to site VPN connection, you also can use other method to connect USG. E.g. L2TP or ZyWall IPSec VPN client, in this way, you can turn off the https Web GUI access from WAN.

  • USG_User
    USG_User Posts: 369  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    You could mitigate this problem by changing the access port to another, not well-known port. The changed port will apply to the https login as well as the SecuExtender connect port.

    Further you could set the access permissions for all of your single zones. Finally the login screen will still appear but the login fails in any way.

Security Highlight