connecting to the management interface from different subnet
Pischta
I can connect to the management web interface of our firewalls (TZ670s and TZ370) when I am in the same subnet as the interface. But when I try to connect to it from a different subnet, I cannot.
I have a firewall rule for my IP that allows the connection, so it is not a firewall rule issue, in my opinion. Is there a restricting option that escaped my attention?
Category: Entry Level Firewalls
Answers
@Pischta if your other subnet is bound to an interface, you can enable Management on that interface and access the firewall via that interface's IP.
If this is not an option and you need to connect to, let's say, the X0 IP, you have to make sure that the Access Rule from Whatever-Zone to LAN destined to the X0 IP with Service HTTPS Management has the option "Management Rule" enabled; otherwise the rule will not work.
—Michael@BWC
My other subnet is not bound to an interface.
My access rule:
source:
zone: any
address: my address
port: any
Destination:
zone: any
address: any
port: any
In the optional settings, I allowed management traffic for that rule. Is that the option you referred to? But I still cannot access the management interface (ping works).
How is the additional subnet getting routed to the firewall, and on which interface? Is it behind a core switch on the LAN interface or manually assigned as a secondary subnet to the LAN interface?
—Michael@BWC
I connect to the LAN with an OpenVPN server. It connects to the same subnet as the router's management interface. This server connects to a switch, not directly to the router.
OK, hopefully I get this right, but did you add a route telling the SonicWall that the additional subnet is reachable via the OVPN server? If not, you might have seen Anti Spoof events already?
I would tighten the Access Rule up a little, like this:
Zone: LAN to LAN
Src: OVPN client subnet
Dst: X0 IP
Source SVC: Any
Service: HTTPS Management
and the Allow Management checked.
—Michael@BWC