Allowing access only from the LAN
Each management service (HTTP, HTTPS, SSH) has a unique access policy which may be changed on the Services configuration page in the web interface or through the command line interface.
The access policies may be modified under the the Web Settings and SSH/Telnet Settings sections. For each service, there is an "Allow access from" drop-down which will set which interfaces management access is allowed. Setting this to "LAN" will prevent external access to these services.
Limiting access from the WAN using a Management Access List
The Management Access List feature found under the Services page may be used to allow only certain source networks or addresses for management access. Source Addresses may be entered in CIDR notation (IP/MASK), as individual IP addresses, or as Fully Qualified Domain Names (FQDN). Please note that the management access list is only applied to services which are enabled and allow access from the WAN. The management access list will not apply to access from the LAN unless you check the 'Enable LAN Restrictions' check-box.
Please include ts.support.ecessa.com. as a source address to allow Ecessa technical support to access the device when using a Management Access List.
Please keep in mind that when enabling this feature and activating the change that access will be lost unless connecting from an IP address specified within the list or connecting from the LAN.
0 Comments