
Mgmt interface IP and certificate

Hello,

I have Sophos UTM with the configuration:

eth0-WAN (I set up dynamic DNS xxx.ddns.net here)

eth1-LAN vlan

eth2-DMZ vlan

eth3-MGMT vlan

Questions:

1. I see the Webadmin GUI is reachable via the IP of any of the three interfaces above. Is there a way to set the GUI to be accessible on only one of the interfaces (other than setting explicit firewall rules that block access to those particular IPs on port 4444)?

2. I have configured a certificate with Let's Encrypt for xxx.ddns.net. When I access the Webadmin GUI on this hostname (from inside my networks or from the internet), the connection is secured, all good. When I access the GUI on the IP of any of the other interfaces (LAN/DMZ/MGMT as stated above), the connection is not secure. Is there a way to secure the connection to the GUI on the LAN/DMZ/MGMT IPs of the firewall? If not, then question 1 again.

My goal:

Restrict access to the Webadmin GUI from the internet, and allow it to be reachable only via the MGMT interface IP, coming from LAN and from VPN. At the same time, I want the User Portal to be accessible from the internet (for the VPNs). I want this scenario to be secured with a certificate.

Thanks.


