Forum Discussion

Tetsuyoshi
Joining the Conversation
21 days ago

Any method to disable management access to the Web UI from the LAN

I would like to restrict management access to the Socket Web UI from the LAN.
However, in a post from about a year ago, no solution was provided.

Is there a way to restrict access to the WebUI? | Cato Connect

Has there been any update or new feature introduced that enables this?

Thank you.

4 Replies

  • michaelsaw
    Cato Professional Services

    Hi Tetsuyoshi, 

    Would you consider utilizing the available LAN port for LAN connectivity (and remove the capability for WebUI access)?

    Would you share the reason to disable the WebUI access on the LAN port?
    Which socket model would you be looking at?

    Thank you

    • Tetsuyoshi
      Joining the Conversation

      Hello,
      Thank you for your reply, michaelsaw.

      In legacy network environments, it is common to restrict management access so that it is accepted only from specific segments. So I wanted to check whether a similar approach is possible here.

      We are using the X1500.

      • michaelsaw
        Cato Professional Services

        Hi Tetsuyoshi, 

        Appreciate your feedback on this.
        In this scenario, you would like to disable the port (e.g. LAN 02 port) and also disable the WebUI access, right? 

        Cheers

  • Nath
    Finding a Voice

    We originally tried blocking the socket LAN IP address on the WAN FW, but that stopped DHCP forwarding working.

    What we've done instead is create a custom category for all the socket LAN IPs.  For HA sites, that includes the IPs for the socket, and also the VIP - so 3 entries.

    We use the Custom Service object type within the custom category, write the socket name and IP.

    We then use this custom category in a WAN FW rule to block all access apart from authorised users.

    It works well for us.