Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 7478 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

forbid Access to the Webinterface of the Router for a special VLAN using the SG105

Andreas Czech

Hi,

in won't allow (forbid) the Access to the Webinterface of the Router for the Guest-VLAN.

But if I block all Traffic on Port 80, no is able to surf in the Internet.

What else should I do?

For good Ideas very thankful.



This thread was automatically locked due to age.
Parents
  • 0

    What do you have in allowed networks at management》》webadmin settings》》general? This is what controls access to webadmin.

    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen
    Just my Internal Network ... but I won't deny the Access to the Firewall (already done) furthermore to my Router (before the Firewall).
  • 0 in reply to Andreas Czech
    Hi Andreas,

    is the router interface, over which the HTTP management site is accessable, in the same subnet as the guest clients? Then you have no chance to block the access via the UTM because the traffic passes only the UTM firewall when it has to be routed.

    My first idea was a privat VLAN, where every client has to send his traffic to the gateway address and can not see any other clients in the subnet. But as far as I know this function is not supportet by the UTM.

    Another idea: some routers allow to choose over which interface the management site is available. Maybe you can deactivate the site on the guest interface completly, and activate it only on the "WAN" interface. Or you can define a single IP which is allowed to connect to the management site.

    I've installed OpenWRT on my router and created a VLAN for the guest network, and another VLAN for my management network. Both VLANs terminates on the UTM where I can control the access via the firewall.

    Hope I can help you or at least give you some insperation :)

    Jas Man
Reply
  • 0 in reply to Andreas Czech
    Hi Andreas,

    is the router interface, over which the HTTP management site is accessable, in the same subnet as the guest clients? Then you have no chance to block the access via the UTM because the traffic passes only the UTM firewall when it has to be routed.

    My first idea was a privat VLAN, where every client has to send his traffic to the gateway address and can not see any other clients in the subnet. But as far as I know this function is not supportet by the UTM.

    Another idea: some routers allow to choose over which interface the management site is available. Maybe you can deactivate the site on the guest interface completly, and activate it only on the "WAN" interface. Or you can define a single IP which is allowed to connect to the management site.

    I've installed OpenWRT on my router and created a VLAN for the guest network, and another VLAN for my management network. Both VLANs terminates on the UTM where I can control the access via the firewall.

    Hope I can help you or at least give you some insperation :)

    Jas Man
Children
No Data
Unfiltered HTML