Webaccess vs SSl VPN
In regards to the security risk announced last friday, I'm pondering in how to go about restricting wan webaccess to the device from my wan ip without interfering with SSl VPN. Currently managing about 50 Companies with this setup. and they connect from many different IP's so i can't really add them all nor do i want to.
So how do i do this if even possible?
0
All Replies
-
IMVHO you missed the update where the webaccess and SSLVPN ports were splitted.
1 -
Hi @KasperLIT
You can refer to the below FAQ links to see how to deploy it
.How to mitigate the threat of the security incident
Best Practices to Secure a Distributed Network Infrastructure
Thanks.
See how you've made an impact in Zyxel Community this year!
0 -
Yes, as already said by mMontana above, update to the latest FW and firstly split to different non-well-known ports for accessing SSL VPN (e.g. 40443) and Admin web console (e.g. 50443). Further restrict the access to web console to LAN zones only, means no access from WAN interface is possible.In our case, when trying to access USG web interface from remote, I firstly have to connect to Company LAN by SSL VPN, followed by remotely starting my office computer via magic network packet, followed by establishing a RDP connection to my computer from which I have finally access to USG web console.1
-
Thanks for the info, that was probably the info i missed and surely needed.
1
Guru Member
Zyxel Employee
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
