XG Firewall, is it possible to restrict User Portal Access from WAN

We are using AD for authentication but access to the user portal should be restricted from outside.

Is it true that user access to the XG user portal web page cannot be restricted? Even not from the WAN side?

How is it protected then against brute force attacks to get passwords?




  • Hi Fred,

    you disable access in the administration -> device access tab.


  • In reply to rfcat_vk:

    That will disable access completely while it is needed for SSL VPN access. So my question was not specific enough as access should be allowed to a certain AD group only.



  • In reply to Fred Blum:

    While you aren't able to lock it down to define it per AD group, because the portal would already be exposed and the user authentication attempts passed onto AD to verify the group; you are however able to lock it down to source IP/network (country) which is what I did.

    Under the device access, create a local ACL service and have the source zone as WAN, and select the source network as your country then select the user portal as the service and accept. Then you can remove the tick box for the User Portal on the WAN zone. At least you can secure it by country, which is better than nothing.