Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 39 subscribers
  • Views 5256 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall, is it possible to restrict User Portal Access from WAN

Fred_B

We are using AD for authentication but access to the user portal should be restricted from outside.

Is it true that user access to the XG user portal web page cannot be restricted? Even not from the WAN side?

How is it protected then against brute force attacks to get passwords?

TIA,

Fred

 



This thread was automatically locked due to age.
  • 0

    Hi Fred,

    you disable access in the administration -> device access tab.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    That will disable access completely while it is needed for SSL VPN access. So my question was not specific enough as access should be allowed to a certain AD group only.

    Thanks,

    Fred

  • 0 in reply to Fred_B

    While you aren't able to lock it down to define it per AD group, because the portal would already be exposed and the user authentication attempts passed onto AD to verify the group; you are however able to lock it down to source IP/network (country) which is what I did.

    Under the device access, create a local ACL service and have the source zone as WAN, and select the source network as your country then select the user portal as the service and accept. Then you can remove the tick box for the User Portal on the WAN zone. At least you can secure it by country, which is better than nothing.

    Regards

Unfiltered HTML