Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions XG Firewall, is it possible to restrict User Portal Access from WAN

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 40 subscribers
Views 5336 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall, is it possible to restrict User Portal Access from WAN

Fred_B over 5 years ago

We are using AD for authentication but access to the user portal should be restricted from outside.

Is it true that user access to the XG user portal web page cannot be restricted? Even not from the WAN side?

How is it protected then against brute force attacks to get passwords?

TIA,

Fred

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 5 years ago

Hi Fred,

you disable access in the administration -> device access tab.

Ian

XG115W - v20.0.1 MR-1 - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Fred_B over 5 years ago in reply to rfcat_vk

That will disable access completely while it is needed for SSL VPN access. So my question was not specific enough as access should be allowed to a certain AD group only.

Thanks,

Fred
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Fred_B over 5 years ago in reply to rfcat_vk

That will disable access completely while it is needed for SSL VPN access. So my question was not specific enough as access should be allowed to a certain AD group only.

Thanks,

Fred
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Paul Fairbank over 3 years ago in reply to Fred_B

While you aren't able to lock it down to define it per AD group, because the portal would already be exposed and the user authentication attempts passed onto AD to verify the group; you are however able to lock it down to source IP/network (country) which is what I did.

Under the device access, create a local ACL service and have the source zone as WAN, and select the source network as your country then select the user portal as the service and accept. Then you can remove the tick box for the User Portal on the WAN zone. At least you can secure it by country, which is better than nothing.

Regards
Cancel
Vote Up 0 Vote Down

Cancel