Mgmt interface IP and certificate

Question

Hello, 
 I have Sophos UTM with the configuration: 
 eth0-WAN (i set up here dynamic dns xxx.ddns.net) 
 eth1-LAN vlan 
 eth2-DMZ vlan 
 eth3-MGMT vlan 
 Questions: 
 1. I see the Webadmin GUI is reachable via any the IP of any of three interfaces above. Is there a way to set the GUI to be accessible on only one of the interfaces? (other than set explicit firewall rules that block access to those particular IPs on port 4444). 
 2. I have configured a certificate with Let's Encrypt for the xxx.ddns.net. When i access the Webadmin GUI on this hostname (from inside my networks or from the internet), the connection is secured, all good. When i access the GUI on the IP of any other interfaces (LAN/DMZ/MGMT as stated above), the connection is not secure. Is there a way to secure the connection to the GUI on LAN/DMZ/MGMT IPs of the firewall? If not, then question 1 again. 
 
 My goal: 
 Restrict the access on the Webadmin GUI from the internet, and to allow it to be reachable only via MGMT interface IP, coming from LAN and from VPN. In the same time, i want the User Portal to be accessible from the internet (for the VPNs). I want this scenario to be secured with a certificate. 
 Thanks.

DKKDG · Answer

Hi panicos, 
 there is no way to set an listen interface for the webadmin 
 But you can define the allowed networks for the webadmin: 
 Here you can set your MGMT network, so that only device from the MGMT network can access the webadmin 
 Best Regards DKKDG