RE: Local service ACL exception rule command line?

Bharat J — Sat, 05 Feb 2022 08:32:57 GMT

Please follow the below steps to meet your requirement :

1. Execute the below command :

console> system appliance_access enable.

2. Now access the Sophos XG firewall GUI, as per the above command you will get on HTTPS SSH ping and all the services available on Sophos XG

3. Enable the HTTPS from Sophos XG GUI Webadmin and the service/s you have to disable previously.

4. Execute the below command :

console> system appliance_access disable.

5.Go to Administration > Device access and click Add under Local service ACL exception rule.

Enter a name.
Select the Rule position.
Enter a description.
Select the IP version from the following options:
Available options:
- IPv4
- IPv6
Select the Source zone to which the rule applies.
Click Add new item to select source hosts (based on a network, IP address, range, or list) to which the rule applies. Click Create new to create a new source network/host.
Click Add new item to select the IP address or interface-based destination hosts (example: user portal) to which the rule applies. Click Create new to create a new destination network/host.

NoteSpecifying the destination host enables you to control access to a service (example: user portal) with a limited set of destination IP addresses.
Click Add new item to select the admin Services to which the rule applies.
Available options:
- HTTPS
- Telnet
- SSH
- Web proxy
- DNS
- Ping/Ping6
- SSL VPN
- User portal
- Dynamic routing
Select an Action.
Available options:
- Accept
Click Save.

11. Refer the below snapshot :

12. After you create the rule as above only those IP mentioned on Source Network/host will have access to Sophos XG.

13. You can manage Sophos XG firewall from Sophos Central free-tail is available by Sophos.

LuCar Toni — Sat, 05 Feb 2022 00:04:08 GMT

Actually that should give you access back on all interfaces.