Restrict management access to a certain country

Forum|Forum|11 years ago
November 28, 2014
1 reply
9901 views

I know that you can restrict administrative logins for certain accounts to certain IP spaces.

I was wondering if there is a way to restrict the HTTPS page from being viewed at all unless it came from Country "A"

Dave_Hall

New Member

You can do this by defining a geography firewall label then create a local-in-policy that allows access on port 443.

config firewall address
edit "Canada"
set associated-interface "wan1"
set type geography
set country CA
next
end
config firewall local-in-policy
edit 0
set intf "wan1"
set srcaddr "Canada"
set dstaddr "all"
set action accept
set service "443"
set schedule "always"
next
end

Personally, I feel this approach is not best practice -- you'll better off setting up the admin access ports on the Interface and restricting admin access from trusted hosts (see attached pic).

Restrict-Admin-access.gif

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded