Disable WebGUI access from selective LANs
-
Hi,
If I have multiple LANs and want to disable WebGUI access from one of the LANs, which may be running a subnet for IoT devices or guest WiFi, is there a way to do it?
I checked the documentation and the options within the GUI under System (and ==> Advanced) but did not see any setting to this effect.
Thanks.
-
@pm_13 :
It's the other way around: here, under System > Advanced > Admin Access, you can enable - or disable - a rule that will be placed on top of the rule list and that enables access to the GUI.
The default LAN rule is a pass-all rule, so access to the web GUI is possible, as this rule accepts all traffic. On other LAN-type interfaces, there will be no rules at all when you create (assign) these interfaces. The default hidden rule is: block everything.
So, nothing comes in, which means: no Internet access, no GUI access, nothing.
Up to you to create a rule like: this rule blocks all TCP access to the alias "ThisFirewallRules" ports 21,22,23,80,443, because these could be used to interact with the firewall.
Normally, you should block ports like 123 NTP udp or 53 DNS (tcp and udp). After this rule you place a rule that permits access, for example, to the Internet.
-
@gertjan Thanks, this does make sense.
So essentially the key is to treat a WebGUI session like any other regular traffic and configure it as needed using firewall rules.
Thanks for pointing me in the right direction.
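
The rule ordering discussed in this thread, as an added example that is not part of the original posts: a small Python model of an interface rule list, assuming rules are evaluated top-down with the first match winning and a hidden block-all at the end. The firewall addresses, the probe targets and the rule-set names are constructed for illustration; the port list is the one from the reply.

```python
# Constructed sample values; only the port list comes from the thread.
FIREWALL_IPS = {"192.168.1.1", "192.168.20.1"}  # assumed: every address the firewall owns
MGMT_PORTS = {21, 22, 23, 80, 443}

def matches(rule, proto, dst, port):
    """True when a packet (proto, destination IP, destination port) fits the rule."""
    if rule["proto"] not in ("any", proto):
        return False
    if rule["dst"] == "firewall" and dst not in FIREWALL_IPS:
        return False
    if rule["ports"] is not None and port not in rule["ports"]:
        return False
    return True

def evaluate(rules, proto, dst, port):
    """First matching rule decides; no match falls through to the hidden block-all."""
    for rule in rules:
        if matches(rule, proto, dst, port):
            return rule["action"]
    return "block"

BLOCK_MGMT = {"action": "block", "proto": "tcp", "dst": "firewall", "ports": MGMT_PORTS}
PASS_ALL = {"action": "pass", "proto": "any", "dst": "any", "ports": None}

NEW_INTERFACE = []                    # freshly assigned interface: no rules yet
GUEST_RULES = [BLOCK_MGMT, PASS_ALL]  # block management ports first, then permit the rest
WRONG_ORDER = [PASS_ALL, BLOCK_MGMT]  # pass rule on top: the block is never reached

PROBES = [
    ("GUI on guest gateway", "tcp", "192.168.20.1", 443),
    ("GUI on LAN address", "tcp", "192.168.1.1", 443),
    ("DNS on firewall", "udp", "192.168.20.1", 53),
    ("Internet HTTPS", "tcp", "203.0.113.10", 443),
]

if __name__ == "__main__":
    rule_sets = [("new interface", NEW_INTERFACE), ("guest rules", GUEST_RULES),
                 ("wrong order", WRONG_ORDER)]
    for name, rules in rule_sets:
        print(name)
        for label, proto, dst, port in PROBES:
            print(f"  {label:22} {evaluate(rules, proto, dst, port)}")
```

The second probe shows why the block rule should cover every address the firewall owns: a block limited to the guest gateway address would leave the GUI reachable on the LAN address through the pass rule.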