
How to block Sophos Interface for certain VLAN interfaces?

Hello there,

I set up a network with three (10, 20, 30) different VLANs (they work so far so good) but I want to block access to Sophos web interface (port 4444), SSH (22) and User Portal (443).

Each VLAN has its own DHCP gateway (172.10.10.5, 172.20.20.5, 172.30.30.5), so I created a reject rule for 172.20.20.5 and 172.30.30.5, but it simply doesn't work.

Even a simple 172.10.10.100 to 172.20.20.5 and 172.30.30.5 with three restricted services has no effect, it happily reaches Sophos.

Am I supposed to block another IP or ...?

Thanks in advance.



  • Hello Noobia,

    Thank you for contacting the Sophos Community!

    To block access to the GUI, you need to go to System >> Administration >> Device Access >> Local Service ACL, and uncheck HTTPS/SSH for LAN or for whichever zone those VLANs are configured in.

    If, let's say, you have several devices in different LAN zones, the best approach is to do what I mentioned above and then create a Local Service ACL exception rule. For example, in the screenshot below, after I disabled LAN access, I created the rule to only allow that specific IP to get access to the GUI and SSH.

    This is one approach, but there are different approaches you can take, such as creating a new zone for your computers and keeping HTTPS enabled for that zone, and disabled for the other ones.

    Regards,