How to let the web ui of zywall only accessable by using only one domin zone
JiangNanGenius
Posts: 6 Freshman Member
How to set a limitation. To only use one domain zone like it.XXX.com instead accessible from all domain that binded with the IP-address
0
Accepted Solution
-
@JiangNanGenius
As I know, ZyWALL doesn't support reverse proxy(like nginx) to map to internal server by FQDN.
But I found a work-around that can use Content Filter function to limit only access the FQDN can access the mapped internal web server.
1. Go to UTM profile > Content Filter, create a profile.
- Enable the Custom Service
- Enable Allow web traffic for trusted web sited only
- Add the FQDN into the Trusted Web Sites list
2. Apply the Content Filter profile on the Security Policy for access the internal web server
Then, only the HTTP request to this FQDN can access the internal web server.
Other request will be blocked and get a denied message.
6
All Replies
-
i'm using a zywall 1100
-
You can only grouping the FQDN objects (host1.it.xxx.com, host2.it.xxx.com, ...).
Wildcard(*.it.xxx.com) is not possible as source, since "*" means unknown.
0 -
@Ian31 Thanks a lot for your reply. But actually the problem is i cannot find the option0
-
Sorry, I think I misunderstood what you want.
Do you want to limit the source IP that can access the device GUI ?
or want to limit the device GUI binding FQDN ? (like a virtual host of web service)
0 -
@Ian31 Accutally i want to limit the device GUI binding FQDN. Like using nas.xxx.com to only my nas remote.
0 -
@JiangNanGenius
As I know, ZyWALL doesn't support reverse proxy(like nginx) to map to internal server by FQDN.
But I found a work-around that can use Content Filter function to limit only access the FQDN can access the mapped internal web server.
1. Go to UTM profile > Content Filter, create a profile.
- Enable the Custom Service
- Enable Allow web traffic for trusted web sited only
- Add the FQDN into the Trusted Web Sites list
2. Apply the Content Filter profile on the Security Policy for access the internal web server
Then, only the HTTP request to this FQDN can access the internal web server.
Other request will be blocked and get a denied message.
6 -
@Ian31 Thanks a lot it's working
1
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight