Configuration of a Dedicated Management Interface on a SG-3100



  • I'm setting up an SG-3100 and I'd like to configure the OPT1 interface as a
    management interface such that it would be the only interface that could access
    the WebUI and SSH ports on the SG-3100. This would be very similar to the
    write-up at

    https://docs.netgate.com/pfsense/en/latest/firewall/restrict-access-to-management-interface.html

    only I would be permitting access on the OPT1 port and completely denying access
    on the LAN ports. I followed this write-up pretty much as is except I did not deny
    access to the LAN and I did not disable the anti-lockout rule (just in case there were
    problems).

    I configured the OPT1 int using the IPv4 addr 192.168.100.1/30 and my laptop
    as 192.168.100.2. My problem is that the only way to access port 443 on the
    SG-3100 is to make a firewall rule that permits all traffic on the OPT1
    interface, not just traffic across ports tcp:22 and tcp:443. I've tried not using
    aliases and just using the specific IP addresses of the OPT1 int and the
    laptop. Again, the only way to permit traffic is to open it up to all
    ports.

    Is this expected behavior or when moving to a dedicated interface do I need
    to open up some other ports or protocols?

    Thanks,
    Mike


  • LAYER 8 Rebel Alliance

    Post your Rules (Screenshots).

    -Rico