Enable SSL_VPN and disable remote management
Hello,
I have created an SSL_VPN zone with the ge3 interface as a member. The ge3 interface has a public IP address "MYPUBLICIP".
Then I configured an SSL VPN and I am able to reach and use it from clients with Secure extender.
As I changed the port of "configuration->System->WWW->Service control->HTTPS" from 443 to 4443, I use
"MYPUBLICIP:4443" in Secure extender in order to reach the SSL_VPN, and I created a rule to allow traffic from WAN to the SSL_VPN zone.
The problem is that in this way, I'm even able to access remote management if in a browser I type
https://MYPUBLICIP:4443.
I wonder if there is a way to have the SSL_VPN working but to completely disable the remote management from public IPs.
Thanks in advance.
Filippo
Just an update:
I have edited the "Admin Service Control" as shown in the pic:
In this way I should be able to deny access from OFWAN2, which is the interface with my MYPUBLICIP.
But even in this way, typing https://MYPUBLICIP:4443 in a web browser from the internet, I am able to access remote management.
Accepted Solution
@xkp68
Go to Configuration>WWW>Session control and create the profile on Admin Service Control.
For Zone, select the zone which you created, and choose deny.
For example, create profile OPT deny.
Therefore, the client cannot remotely manage the device via OPT's WAN IP, but can establish SSL VPN with OPT's IP.