Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 40 subscribers
  • Views 35563 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote administration

BrandonRiffel

I'd like to allow remote access to the SSL admin page.  I have the XG firewall software running inside a VM in my home lab (acting as my production firewall on my ATT Gigapower.  Their gateway is total garbage).  I would like to restrict access to that admin page ONLY from connections coming from my place of employment (I am the admin there as well).  So I need to enable the admin portal on the WAN connection, but then restrict connections on port 4444 to only allow from the public IP of my office.  So that way I can check my logs and make changes at home, from work.

Right now it is wide open and so I can manage it from work, from my phone, from the coffee shop, etc.  Obviously not good.  What rule do I create to restrict this?  Thank you



This thread was automatically locked due to age.
Parents
  • 0
    Ok, so I may have figured out something. On the Device access page. I unchecked the WAN HTTPS checkbox, expecting it to block my port 4444 access to the admin page from here at work. It didn't. Then I saw that I had previously created a Local Service ACL exception rule called remoteadmin:

    Source Zone: Any
    Network/Host: (created an item with the static external IP of my work gateway)
    Services: HTTPS (predefined in the list)
    Action: Accept

    Is this the best practice method for allowing remote access to the admin page of the XG appliance from a single remote IP address?
  • 0 in reply to BrandonRiffel
    Jhawk44,

    the ACL Exception rule is the best way to allow access to webadmin webpage. Anyway you should allow access to Webadmin only from certain internal IP. If you need to access it from external, setup a VPN on XG.

    Luk
Reply Children
No Data
Unfiltered HTML