Having an issue with Appliance being visible to public internet for management
Hi, wondering if anyone can help as I'm pretty new to SonicWall devices. I have a TZ 570 and I'm trying to stop the admin interface being visible across the internet unless it's accessed by trusted management.
I've attached a screenshot of my rule that I believe is right, but I can still get to the external IP address of the device from another device. I'm not sure what I'm missing.
I can see my rule that's created, but it has an orange tab next to it and is labelled as an unused rule. I can also see a default rule that looks to do the same thing, but it has the source address set as Any. Could this be why I can access it from any device? I can't delete this rule or amend it as I get the rule overlap message.
Can anyone point me in the right direction please?
Best Answer
BWC Cybersecurity Overlord ✭✭✭
If you edit the WAN-WAN Rules the way mentioned above you will be golden.
You can tinker in the internal settings, but I advise against it, due to your newbie status with SNWL :)
The option you're looking for is "Enable the ability to remove and fully edit auto-added access rules", but there is no need for that in your case, because what you wanna accomplish can be done by editing the default rules.
—Michael@BWC
Answers
@JOELA80 remove your custom Rule "Inbound Firewall Management" and just set GRP_WAN_Trusted Management as Source Address for the Default Management Rules.
—Michael@BWC
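A simplified first-match model of the situation in this thread, added here as an illustration (not SonicOS code and not posted by anyone in the thread): a default management rule with source Any lets every WAN address through and leaves the trusted-only custom rule without traffic, while restricting the default rule's source closes it. The evaluation order, the rule label "Default Management" and all addresses are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

ANY = (ipaddress.ip_network("0.0.0.0/0"),)
# Constructed stand-in for the GRP_WAN_Trusted Management address group.
TRUSTED = (ipaddress.ip_network("198.51.100.0/28"),)

@dataclass(frozen=True)
class Rule:
    name: str
    sources: tuple          # source networks the rule matches
    action: str = "allow"

def evaluate(rules, src_ip):
    """Return (action, rule name) of the first WAN-to-WAN management rule matching src_ip."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if any(ip in net for net in rule.sources):
            return rule.action, rule.name
    return "deny", "implicit deny"

def shadowed(rules):
    """Names of rules that never see traffic because an earlier rule covers every source."""
    names = []
    for i, rule in enumerate(rules):
        earlier = [net for r in rules[:i] for net in r.sources]
        if all(any(s.subnet_of(e) for e in earlier) for s in rule.sources):
            names.append(rule.name)
    return names

# Assumed ordering: the auto-added default rule is evaluated before the custom one.
BEFORE = [
    Rule("Default Management", ANY),
    Rule("Inbound Firewall Management", TRUSTED),
]
# After the suggested change: custom rule removed, default rule's source restricted.
AFTER = [Rule("Default Management", TRUSTED)]

if __name__ == "__main__":
    untrusted = "203.0.113.50"   # constructed address outside the trusted group
    print("before:", evaluate(BEFORE, untrusted), "shadowed:", shadowed(BEFORE))
    print("after: ", evaluate(AFTER, untrusted), "shadowed:", shadowed(AFTER))
```

After changing the real rules, the check that matters is the same one the original poster ran: browse to the external IP from a device outside the trusted group and confirm the login page no longer loads.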
Thanks for that reply, that makes sense. I have another question if you can help: the device was set up by a third party and it looks like that inbound rule has been set up as a default rule, not custom. Is there a way to remove this, as it's giving me the stop sign icon when I try to delete?
Thanks again
If you don't want ANY Management Access from the WAN, you might head over to the Network Interface (e.g. X1) and untick the Management options you don't want.
Default Rules can be deleted if enabled by Option in the internal settings, but I would not go that route if not really necessary.
—Michael@BWC
Thanks again, I might just do that.
My aim is to stop the interface being visible to anyone that knows the IP address, unless they are part of the trusted group, as I may still need WAN management.
Will just amending the rules as you mentioned solve this issue? Can you point me to where I need to be in the internal settings? Can I access this from the web interface?
Many thanks for your help, I've got it sorted.