How to configure a whitelist for remote management to prevent unauthorized access

Zyxel_Arisa Posts: 25  Zyxel Employee
Friend Collector First Answer First Comment
edited July 2022 in Network Security
The example shows administrators how to configure a whitelist for host devices that prevents attempted access from unauthorized devices or subnets. The whitelist inspects the source IP addresses of hosts and the types of services accessing the switch (Ex: Telnet, FTP, HTTP…..).

All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS4600-32 (Firmware Version: V4.50).

1. Configure the whitelist of the remote management

Enter the web GUI and go to Menu > Management > Access Control > Remote Management > Click Here using AdministratorPC. Enter the range of IP addresses and the corresponding types of services that are allowed to access the Switch. Then click “Apply”.

Test the Result

In the setting, we set the IP range:, which is allowed to access the Switch by all protocol types, EXCEPT HTTP. Therefore, if we use PC-1 ( to access the Switch by HTTP, the Switch will refuse the connection. If we try to access the web GUI by HTTPS (Enter the, PC-1 can connect to the Switch successfully.

The PC-2 ( is not in the range which is allowed to access the Switch. PC-2 cannot access or ping the switch’s management IP address.

AdministratorPC can access the Switch by all service types successfully.

What could go wrong?

The IP address is setting up repeatedly, but the setting is different. The logic rule of whitelist is OR.
For example, if we set the range of the IP addresses shown below. is repeatedly set up accidently. The result is that all types of services are ALLOWED for

If the administrator has forgotten or lost track of the whitelisted IP addresses, the administrator will not be able to access the Switch. To solve this problem, use Console to verify the settings. Administrators can find out which IP addresses are allowed to access the Switch by reviewing the running configurations.

If the Switch does not support Console, please check the manual of your Switch model to find out how to restore device to factory default settings.