Local service ACL exception rule command line?

I enabled the Local service ACL exception rule. Somehow, I didn't get that right. Now I'm locked out from the web interface. SSH is still working.

How can I disable this ACL from the command line/SSH? I tried:

console> system appliance_access show
Appliance access disabled.

Guess that this is not the right command?



This thread was automatically locked due to age.
  • Actually that should give you access back on all interfaces. 

  • Hi Eirik Jolle

    Please follow the steps below to meet your requirement:

    1. Execute the command below:

    console> system appliance_access enable

    2. Now access the Sophos XG firewall GUI; as per the above command, you will get HTTPS, SSH, ping and all the services available on Sophos XG.

    3. Enable HTTPS from the Sophos XG GUI Webadmin, and the service/s you have disabled previously.

    4. Execute the command below:

    console> system appliance_access disable

    5. Go to Administration > Device access and click Add under Local service ACL exception rule.

    1. Enter a name.
    2. Select the Rule position.
    3. Enter a description.
    4. Select the IP version from the following options:
      Available options:
      • IPv4
      • IPv6
    5. Select the Source zone to which the rule applies.
    6. Click Add new item to select source hosts (based on a network, IP address, range, or list) to which the rule applies. Click Create new to create a new source network/host.
    7. Click Add new item to select the IP address or interface-based destination hosts (example: user portal) to which the rule applies. Click Create new to create a new destination network/host.
      Note: Specifying the destination host enables you to control access to a service (example: user portal) with a limited set of destination IP addresses.
    8. Click Add new item to select the admin Services to which the rule applies.
      Available options:
      • HTTPS
      • Telnet
      • SSH
      • Web proxy
      • DNS
      • Ping/Ping6
      • SSL VPN
      • User portal
      • Dynamic routing
    9. Select an Action.
      Available options:
      • Accept
    10. Click Save.

    11. Refer to the snapshot below:

    12. After you create the rule as above, only those IPs mentioned in Source Network/host will have access to Sophos XG.

    13. You can manage the Sophos XG firewall from Sophos Central; a free trial is available from Sophos.

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.
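
An added example, not part of the original posts and not Sophos code: a pre-save check that tells you which admin workstations the source host list in steps 6 and 12 would leave without HTTPS or SSH. The rule dictionary, its field names and the sample addresses are constructed, and the model assumes this Accept rule is the only path to the admin services.

```python
import ipaddress

# Constructed sample rule mirroring the GUI fields (names are hypothetical).
SAMPLE_RULE = {
    "name": "mgmt-only",
    "action": "Accept",
    "services": {"HTTPS", "SSH"},
    # Source hosts may be a network, a single IP, or a range (step 6).
    "source_hosts": ["192.168.10.0/24", "10.1.1.20-10.1.1.30", "172.16.5.9"],
}

def parse_host(spec):
    """Turn one source host entry into a list of ip_network objects."""
    spec = spec.strip()
    if "-" in spec:  # range written as first-last
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {spec}")
        return list(ipaddress.summarize_address_range(first, last))
    # A bare IP becomes a /32 (or /128) network.
    return [ipaddress.ip_network(spec, strict=False)]

def rule_admits(rule, admin_ip, service):
    """True if the rule accepts this service from this source address."""
    if rule["action"] != "Accept" or service not in rule["services"]:
        return False
    ip = ipaddress.ip_address(admin_ip)
    for spec in rule["source_hosts"]:
        for net in parse_host(spec):
            if net.version == ip.version and ip in net:
                return True
    return False

def lockout_report(rule, admin_ips, needed=("HTTPS", "SSH")):
    """Map each admin IP to the services it would lose under this rule.
    Assumption: nothing else grants these services to the source zone."""
    return {ip: [s for s in needed if not rule_admits(rule, ip, s)]
            for ip in admin_ips}

if __name__ == "__main__":
    admins = ["192.168.10.15", "10.1.1.31", "172.16.5.9"]
    for ip, lost in lockout_report(SAMPLE_RULE, admins).items():
        print(ip, "OK" if not lost else "would lose: " + ", ".join(lost))
```

An empty list for every workstation you manage the firewall from means the rule will not repeat the lockout described in the question.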
