
How may I assign static listen addresses to the admin webpage?

Hello everyone,

I am using the 192.168.x.y/24 subnet in my Sophos XG Firewall v18 for my network. I have set up multiple VLAN interfaces on it with different values of x and y. But every time I type in the gateway address of each respective VLAN interface, the webadmin page shows up. That is very insecure!

How may I enforce the XG to only load the webadmin page when & only when the address is 192.168.1.1 across all interfaces?

Thank you very much in advance.



This thread was automatically locked due to age.
  • You should only allow webadmin access from dedicated hosts.

    Not the target IP but the source IP should be decisive.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Thanks for your reply. How can I do it?

  • Within administration / device access, select only trusted zones within "Local service ACL / HTTP".

    ... or, more restrictive ... select only trusted hosts within "Local service ACL exception rule" and allow HTTP access.

    But be careful ... first allow / test / forbid ... do not forbid your own access.


    Dirk


  • Thank you for your reply. I cannot yet find the option for only trusted zones within "Local service ACL / HTTP". This is my interface. Where may I find it?

  • HTTPS is Webadmin.

    But based on your screenshot, you are using the same Zone for every Interface. So you cannot limit it based on Zones. 


  • Well, I have created multiple VLAN interfaces and mostly all of them have been put under the LAN zones. Has this been unwise for me to do so? If so, how can I now limit it without having to rely on Zones?

  • You can use one Zone, but you will lack in granulate later. With Zone based concepts and VLANs in own Zones, you can define more granular firewall rules in a quicker manner. 


  • Then what can I do now to achieve the question in the title of this topic? And what else can I do later on to regain your ‘granulate’!?

  • I just happened to come across this YouTuber who is posting tutorial video clips about Sophos XG v18. This guy has a habit of going to the 'Hosts and Services' tab and creating IP hosts (host groups) before creating an interface.

    Here, 2 more questions have arisen from me:

    1. Does this habit have any benefits for me when using Sophos XG v18?
    2. Does this habit increase the granularity when I issue firewall & ACL policies & rules as well?

    Thank you again buddy. 

  • You can do both. 

    Basically, the firewall is an IP-based firewall. You do not have to do it but you can do it.

    If you start to use individual zones, you can start to do "VOIP to Printer"; VoIP and printer are their own zones.

    Then you need more firewall rules. 


  • I see. So is this the correct procedure to manage my Sophos XG firewall system?

    Name a Host IP (Group) >> Set (VLAN) Interfaces >> Group the interfaces into (LAN) Zones >> Adjusting ACL matrix >> Modify (Application) Filter >> Create Firewall Rules or Policies. 
