Enable SSL_VPN and disable remote managment

xkp68
xkp68 Posts: 26  Freshman Member
First Comment Second Anniversary
edited April 2021 in Security
Hello,
i have created a SSL_VPN zone  with the ge3 interface as a member. The ge3 interface has a public ip address "MYPUBLICIP".
Then i configured an SSL VPN and i am able to reach and use it from clients with Secure extender.
As I changed the port of "configuration->System->WWW->Service control->HTTPS" from 443 to 4443 i use the
"MYPUBLICIP:4443" in secure extender and in order to reach the SSL_VPN and I create a rule to allow traffic from WAN to SSL_VPN zone.
The problem is that in this way, i m even able to access remote management if in a browser I type 
https://MYPUBLICIP:4443.
I wonder if there is a way to have the SSL_VPN working but to completely disable the remote menagement from public IPs.
Thanks in advance.
Filippo

Just an update:
i have edited the "Admin Service Control" as showed in the pic:

In this way i should be able to deny access from OFWAN2 which is the interface with my MYPUBLICIP.
But even in this way, typing https://MYPUBLICIP:4443. in a web browser from internet I am able to access remote management.

Accepted Solution

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    edited November 2020 Answer ✓
    @xkp68
    Go to Configuration>WWW>Session control>create the profile on Admin Service Control
    Zone select the Zone which you created, and choose deny
    For example, create profile OPT deny.
    Therefore, client cannot remote management device by OPT's Wan IP, but can establish SSL VPN with OPT's IP.

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    edited November 2020 Answer ✓
    @xkp68
    Go to Configuration>WWW>Session control>create the profile on Admin Service Control
    Zone select the Zone which you created, and choose deny
    For example, create profile OPT deny.
    Therefore, client cannot remote management device by OPT's Wan IP, but can establish SSL VPN with OPT's IP.
  • xkp68
    xkp68 Posts: 26  Freshman Member
    First Comment Second Anniversary
    Zyxel_Charlie
    Thank you very much  

Security Highlight