Sophos Firewall

Discussions Use FQDN-Host Object for Device Access ACL

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 3 replies
Answers 1 answer
Subscribers 39 subscribers
Views 2149 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Use FQDN-Host Object for Device Access ACL

FFin over 2 years ago

Is there an workaround to use FQDN-Host Objects as a source for ACL exception rule on Device access?

I used "DNS Host" Objects back in Sophos SG/UTM to limit WebAdmin Access by keeping flexibility of centrally changing DNS-Entrys.

How to do this in XG/SFOS? I can select FQDN-Host Object as Source within (D-)NAT-Rules, but not in DeviceAccess ACL?

This thread was automatically locked due to age.

Top Replies

LuCar Toni over 2 years ago +1 suggested

That is currently not possible. I would always recommend to use Central to have Webadmin access. For SSH, use a VPN Client.

Parents

0 Wayne Folta over 2 years ago

What device access do you want to expose to the WAN? If it's Admin Services (HTTPS, SSH) I'd require them to VPN in and allow that access from the VPN. But there are also complications to doing that, and in the end I did start using Sophos Central and I really like it.

I also converted to running APs from Central as well (rather than from the appliance) and that's working well. I was able to figure out how to do the multiple steps to convert from appliance-run to Central-run wireless, so it's not hard but it's not automatic either. And once you're running multiple things from Central it's more useful.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Wayne Folta over 2 years ago

What device access do you want to expose to the WAN? If it's Admin Services (HTTPS, SSH) I'd require them to VPN in and allow that access from the VPN. But there are also complications to doing that, and in the end I did start using Sophos Central and I really like it.

I also converted to running APs from Central as well (rather than from the appliance) and that's working well. I was able to figure out how to do the multiple steps to convert from appliance-run to Central-run wireless, so it's not hard but it's not automatic either. And once you're running multiple things from Central it's more useful.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data