Enable SSL_VPN and disable remote management
Hello,
I have created an SSL_VPN zone with the ge3 interface as a member. The ge3 interface has a public IP address "MYPUBLICIP".
Then I configured an SSL VPN and I am able to reach and use it from clients with Secure extender.
As I changed the port of "configuration->System->WWW->Service control->HTTPS" from 443 to 4443, I use
"MYPUBLICIP:4443" in Secure extender in order to reach the SSL_VPN, and I created a rule to allow traffic from WAN to the SSL_VPN zone.
The problem is that in this way, I am even able to access remote management if I type
https://MYPUBLICIP:4443 in a browser.
I wonder if there is a way to have the SSL_VPN working but to completely disable the remote management from public IPs.
Thanks in advance.
Filippo
Just an update:
I have edited the "Admin Service Control" as shown in the pic:
In this way I should be able to deny access from OFWAN2, which is the interface with my MYPUBLICIP.
But even in this way, typing https://MYPUBLICIP:4443 in a web browser from the internet, I am able to access remote management.
Accepted Solution
@xkp68
Go to Configuration > WWW > Session control > create the profile on Admin Service Control.
For Zone, select the zone which you created, and choose deny.
For example, create profile OPT deny.
Therefore, the client cannot remotely manage the device via OPT's WAN IP, but can establish SSL VPN with OPT's IP.