Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 5570 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Restrict incoming URL to trusted networks....

ezhess
We're on UTM version 9.210-20.  We are looking to restrict the admin portal URLs of our web servers to only trusted networks.  We only want to allow access from our internal private networks.  Is Sophos able to do this?  If so what module would that be a part of?

As an example if the admin URL was...

http://www.example.com/webadmin

We would only want trusted internal networks to get to that specific URL, but allow internet traffic to all other URLs for that site.  I know some of the CMS applications we use have third party software which allows this functionality, but other CMS applications we use don't.  In addition I believe it may be easier for us to maintain/configure on the firewall level, assuming this is possible.      

Thanks!


This thread was automatically locked due to age.
Parents
  • 0
    It also looks like "Webserver protection" is hit before the firewall policies ar
    The order of processing is Country Blocking, NAT, Proxy, manual firewall rules.

    You could block the specific traffic via a blackhole DNAT rule.

    Traffic from:  IPs you want to block
    Service(s):  Whatever service(s) you want
    Destination:  Your Interface (Address) object
    New Destination would be a fake IP.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen
    The order of processing is Country Blocking, NAT, Proxy, manual firewall rules.

    You could block the specific traffic via a blackhole DNAT rule.

    Traffic from:  IPs you want to block
    Service(s):  Whatever service(s) you want
    Destination:  Your Interface (Address) object
    New Destination would be a fake IP.


    Thank you Scott, this is very usefull info for me! [:)]
Reply
  • 0 in reply to Scott_Klassen
    The order of processing is Country Blocking, NAT, Proxy, manual firewall rules.

    You could block the specific traffic via a blackhole DNAT rule.

    Traffic from:  IPs you want to block
    Service(s):  Whatever service(s) you want
    Destination:  Your Interface (Address) object
    New Destination would be a fake IP.


    Thank you Scott, this is very usefull info for me! [:)]
Children
No Data
Unfiltered HTML