How may I assign static listen addresses to the admin webpage?

Hello everyone,

I am using the 192.168.x.y/24 subnet in my Sophos XG Firewall v18 for my network. I have set up multiple VLAN interfaces on it with different values of x and y. But every time I type in the gateway address of each respective VLAN interface, the webadmin page shows up. That is very insecure!

How may I enforce the XG to only load the webadmin page when & only when the address is 192.168.1.1 across all interfaces?

Thank you very much in advance.



This thread was automatically locked due to age.
  • Did you block the Webadmin via Device Access? 

  • You should only allow webadmin access from dedicated hosts.

    Not the target IP but the source IP should be decisive.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Thanks for your reply. How can I do it?

  • Within administration / device access select only trusted zones within "Local service ACL / HTTP"

    ... or more restrictive ... select only trusted hosts within "Local service ACL exception rule" and allow HTTP access.

    but be careful ... first allow / test / forbid ... do not forbid your own access.


    Dirk


  • Thank you for your reply. I cannot yet find the option for only trusted zones within "Local service ACL / HTTP". This is my interface. Where may I find it?

  • HTTPS is Webadmin.

    But based on your screenshot, you are using the same Zone for every Interface. So you cannot limit it based on Zones. 

  • Well, I have created multiple VLAN interfaces and mostly all of them have been put under the LAN zones. Has this been unwise for me to do so? If so, how can I now limit it without having to rely on Zones?

  • You can use one Zone, but you will lack in granulate later. With Zone based concepts and VLANs in own Zones, you can define more granular firewall rules in a quicker manner. 

  • Then what can I do now to achieve the question in the title of this topic? And what else can I do later on to regain your ‘granulate’!?

  • I just happened to come across this YouTuber who is posting tutorial video clips about Sophos XG v18. This guy has a habit of going to the 'Hosts and Services' tab and creating IP hosts (host groups) before creating an interface.

    Here, 2 more questions have arisen from me:

    1. Does this habit have any benefits for me when using Sophos XG v18?
    2. Does this habit increase the granularity when I issue firewall & ACL policies & rules as well?

    Thank you again buddy. 
