How to make the web UI of ZyWALL accessible using only one domain zone
JiangNanGenius
Posts: 6
How to set a limitation to only use one domain zone, like it.XXX.com, instead of being accessible from all domains that are bound to the IP address?
0
All Replies
-
I'm using a ZyWALL 1100.
-
You can only group the FQDN objects (host1.it.xxx.com, host2.it.xxx.com, ...).
A wildcard (*.it.xxx.com) is not possible as a source, since "*" means unknown.
0 -
@Ian31 Thanks a lot for your reply. But actually the problem is I cannot find the option.
0
-
Sorry, I think I misunderstood what you want.
Do you want to limit the source IP that can access the device GUI ?
or want to limit the device GUI binding FQDN ? (like a virtual host of web service)
0 -
@Ian31 Actually, I want to limit the device GUI binding FQDN. Like using nas.xxx.com only for remote access to my NAS.
0 -
@JiangNanGenius
As far as I know, ZyWALL doesn't support a reverse proxy (like nginx) to map to an internal server by FQDN.
But I found a workaround that uses the Content Filter function so that only requests to the FQDN can access the mapped internal web server.
1. Go to UTM profile > Content Filter and create a profile.
   - Enable the Custom Service
   - Enable "Allow web traffic for trusted web sites only"
   - Add the FQDN to the Trusted Web Sites list
2. Apply the Content Filter profile on the Security Policy for access to the internal web server.
Then, only HTTP requests to this FQDN can access the internal web server.
Other requests will be blocked and get a denied message.
6 -
@Ian31 Thanks a lot, it's working.
1
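One way to check the Content Filter workaround from outside, as an added example that is not part of the original thread: it sends plain HTTP requests to the published address with different Host headers and reports any name other than the trusted FQDN that still gets through. The function names, the addresses and names in the `__main__` block, and the `denied_marker` text are assumptions; use a phrase from the denied message your own device shows.

```python
import http.client

def probe(address, port, host_header, timeout=5):
    """GET / on address:port with a chosen Host header.
    Returns (status, first 4 KiB of body) or None if there is no HTTP answer."""
    conn = http.client.HTTPConnection(address, port, timeout=timeout)
    try:
        conn.putrequest("GET", "/", skip_host=True)  # we set Host ourselves
        conn.putheader("Host", host_header)
        conn.putheader("Connection", "close")
        conn.endheaders()
        resp = conn.getresponse()
        return resp.status, resp.read(4096).decode("utf-8", "replace")
    except (OSError, http.client.HTTPException):
        return None  # dropped, reset or timed out
    finally:
        conn.close()

def reached(result, denied_marker=None):
    """True if the response looks like it came from the internal web server."""
    if result is None:
        return False
    status, body = result
    if denied_marker and denied_marker in body:
        return False  # denied page, whatever status code it was sent with
    return status < 400

def audit(address, port, trusted_fqdn, other_names, denied_marker=None):
    """Return a list of findings; an empty list means the policy behaves as described."""
    findings = []
    if not reached(probe(address, port, trusted_fqdn), denied_marker):
        findings.append(f"{trusted_fqdn}: trusted name is not served")
    for name in other_names:
        if reached(probe(address, port, name), denied_marker):
            findings.append(f"{name}: request still reaches the web server")
    return findings

if __name__ == "__main__":
    # Placeholder values (assumptions): your WAN address, trusted FQDN, and
    # the other names bound to the same IP, including the bare IP itself.
    wan_ip = "203.0.113.10"
    others = ["other.example.com", wan_ip]
    result = audit(wan_ip, 80, "it.example.com", others, denied_marker="denied")
    print("\n".join(result) or "OK: only the trusted FQDN is served")
```

Run it from a host outside the firewall so the requests pass through the Security Policy that carries the Content Filter profile.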