Access to the Opengear's network services such as HTTPS Web Management and SSH Command Shell can be easily allowed per network interface, by checking the System -> Services -> Service Access checkboxes in the Web Management UI.
These checkboxes add firewall rules that accept ANY connection to that service that arrives at the permitted network interface, from ANY source network. You can further restrict remote access by creating specific "allowlist/passlist" rules for remote access in the Firewall, then unchecking the service's per-interface checkbox(es) to disallow general remote access.
For example, to allow remote access to the HTTPS Web Management service from 10.12.34.0/24 only:
First, back up your configuration and ensure you have an alternate access method to your Opengear (e.g. CLI), as a simple misconfiguration may lock you out.
Click System -> Firewall -> Firewall Rules and create a New Firewall Rule specifying these fields:
Name: Trusted HTTPS
Interface: Any
Destination Port/Range: 443
Source MAC Address:
Source Address/Address Range: 10.12.34.0/24
Destination Address/Address Range:
Protocol: TCP
Direction: Ingress
Action: Accept
Click Apply.
Click System -> Services -> Service Access and uncheck the boxes along the HTTPS Web Management row, and click Apply.
Here's another example: allow the corporate office network IP (e.g. 166.123.5.6/32) access but deny all others, except for ICMP.
Name: Trusted Office Network
Interface: Dialout/Cellular
Destination Port/Range:
Source MAC Address:
Source Address/Address Range: 166.123.5.6/32
Destination Address/Address Range:
Protocol: Any
Direction: Ingress
Action: Accept
Click System -> Services -> Service Access and uncheck the boxes below the Dialout/Cellular column, and click Apply.
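The following added example (not Opengear code or tooling) models the first procedure above to show why the Service Access checkbox must be cleared for the "Trusted HTTPS" rule to have any effect, and how to check for lock-out before clicking Apply. It assumes a connection is accepted if any accept rule matches and dropped otherwise; the class and function names and the test addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AcceptRule:
    name: str
    interface: str        # "Any" matches every interface
    source: str           # CIDR; "0.0.0.0/0" models "ANY source network"
    protocol: str         # "TCP", "ICMP", ... or "Any"
    port: Optional[int]   # None models an empty Destination Port/Range

def matches(rule, iface, src, proto, port):
    """True if an ingress connection matches every field of the rule."""
    return (rule.interface in ("Any", iface)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.source)
            and rule.protocol in ("Any", proto)
            and rule.port in (None, port))

def allowed(rules, iface, src, proto="TCP", port=443):
    """Assumed model: accepted if any accept rule matches, otherwise dropped."""
    return any(matches(r, iface, src, proto, port) for r in rules)

def locked_out(rules, admin_sources, iface):
    """Admin source addresses that would lose HTTPS access under `rules`."""
    return [s for s in admin_sources if not allowed(rules, iface, s)]

# Modelled effect of the HTTPS Service Access checkbox on one interface
CHECKBOX_HTTPS = AcceptRule("Service Access HTTPS", "Dialout/Cellular",
                            "0.0.0.0/0", "TCP", 443)
# The "Trusted HTTPS" rule with the field values given in the article
TRUSTED_HTTPS = AcceptRule("Trusted HTTPS", "Any", "10.12.34.0/24", "TCP", 443)

if __name__ == "__main__":
    iface = "Dialout/Cellular"
    outsider = "198.51.100.7"                 # constructed test address
    admins = ["10.12.34.50", "192.0.2.10"]    # constructed admin workstations
    # Checkbox still ticked: the allowlist rule changes nothing for outsiders.
    print("checkbox on :", allowed([CHECKBOX_HTTPS, TRUSTED_HTTPS], iface, outsider))
    # Checkbox cleared: only 10.12.34.0/24 reaches HTTPS.
    print("checkbox off:", allowed([TRUSTED_HTTPS], iface, outsider))
    # Pre-flight check before clicking Apply on Service Access.
    print("would be locked out:", locked_out([TRUSTED_HTTPS], admins, iface))
```

Any address returned by `locked_out` needs its own allowlist rule, or a confirmed alternate access path, before the checkbox is cleared.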