Webaccess vs SSl VPN
Options
In regards to the security risk announced last friday, I'm pondering in how to go about restricting wan webaccess to the device from my wan ip without interfering with SSl VPN. Currently managing about 50 Companies with this setup. and they connect from many different IP's so i can't really add them all nor do i want to.
So how do i do this if even possible?
0
All Replies
-
IMVHO you missed the update where the webaccess and SSLVPN ports were splitted.
1 -
Hi @KasperLIT
You can refer to the below FAQ links to see how to deploy it
.How to mitigate the threat of the security incident
Best Practices to Secure a Distributed Network Infrastructure
Thanks.
0 -
Yes, as already said by mMontana above, update to the latest FW and firstly split to different non-well-known ports for accessing SSL VPN (e.g. 40443) and Admin web console (e.g. 50443). Further restrict the access to web console to LAN zones only, means no access from WAN interface is possible.In our case, when trying to access USG web interface from remote, I firstly have to connect to Company LAN by SSL VPN, followed by remotely starting my office computer via magic network packet, followed by establishing a RDP connection to my computer from which I have finally access to USG web console.1
-
Thanks for the info, that was probably the info i missed and surely needed.
1
Guru Member
Zyxel Employee
Master Member
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
