Sophos XG: How to allow only 1 host or 1 subnet to access the configuration interface

Overview

This article shows how to allow only 1 host (a specific IP address) or 1 subnet to access the configuration interface of the Sophos firewall device, which enhances the security of your network.

Here I allow only 1 host to access the configuration interface.

How to configure

  • Log in to the Sophos XG device with the Admin account
  • Go to SYSTEM -> Choose Hosts and services -> Choose IP host -> Click Add
  • Enter a name for the host, choose IPv4, choose IP, and enter the IP address you want
  • Go to SYSTEM -> Choose Administration -> Choose Device Access
  • Go to Local service ACL exception rule -> Click Add
  • Enter a name for the exception rule
  • In Rule position: Choose Top
  • In IP version: Choose IPv4
  • In Source zone: Choose LAN
  • In Source Network / Host: Choose the IP host that was created before
  • In Destination host: Choose the LAN port used to access the web interface
  • In Services: Choose HTTPS
  • In Action: Choose Accept
  • Then create one more exception rule
  • Enter a name for the rule
  • In Rule position: Choose Bottom
  • In Source zone: Choose LAN
  • In Source Network / Host: Choose Any
  • In Destination host: Choose the LAN port used to access the web interface
  • In Services: Choose HTTPS
  • In Action: Choose Drop

** If your system has multiple subnets, you can allow only the subnet that should have access to the configuration interface, instead of all of them.
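The two exception rules from the steps can be checked on paper before they are saved. The Python sketch below is an added example, not Sophos code: it models the Accept and Drop rules and assumes they are evaluated top-down with the first match winning, as the Top and Bottom rule positions imply. It covers both the single-host case and the subnet variant; the addresses and rule names are constructed sample values.

```python
import ipaddress

# Constructed sample values (not from the article): admin workstation and LAN range.
ADMIN_HOST = "192.168.10.50/32"
ADMIN_SUBNET = "192.168.10.0/24"
ANY = "0.0.0.0/0"

def make_rules(allowed_source):
    """The two exception rules from the steps, listed in Top -> Bottom order."""
    return [
        {"name": "allow-admin", "zone": "LAN", "source": allowed_source,
         "service": "HTTPS", "action": "Accept"},
        {"name": "drop-others", "zone": "LAN", "source": ANY,
         "service": "HTTPS", "action": "Drop"},
    ]

def evaluate(rules, zone, src_ip, service):
    """Return (rule name, action) of the first matching rule, else (None, None)."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if (rule["zone"] == zone and rule["service"] == service
                and ip in ipaddress.ip_network(rule["source"])):
            return rule["name"], rule["action"]
    return None, None  # no exception rule matched; these two rules do not apply

def lockout_risk(rules, admin_ip):
    """True if the intended admin address would not be accepted by this ordering."""
    return evaluate(rules, "LAN", admin_ip, "HTTPS")[1] != "Accept"

if __name__ == "__main__":
    host_rules = make_rules(ADMIN_HOST)
    for ip in ("192.168.10.50", "192.168.10.51", "192.168.20.7"):
        print(ip, evaluate(host_rules, "LAN", ip, "HTTPS"))
    # Reversed order: the Any/Drop rule shadows the Accept rule.
    reversed_rules = list(reversed(host_rules))
    print("lockout if reversed:", lockout_risk(reversed_rules, "192.168.10.50"))
```

Under the first-match assumption, placing the Any/Drop rule above the Accept rule drops the administrator's own address, so confirm the rule order before closing the current session.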
