Management Interface


L2 Linker
Hi, is it a good idea to connect the mgmt interface directly to WAN? Or should it only be accessible locally and via an access server for remote management?
Accepted Solutions

L6 Presenter

It's a very bad idea.

If you really want mgmt access directly from WAN, put a management profile on some other L3 interface connected to WAN and restrict access within the management profile and with firewall rules. This way you can also put security profiles on this rule, zone protection, etc.

L2 Linker

Hi Huddlebuy,

Personally I like to set up GlobalProtect for businesses which require remote management to the PA firewalls, as you get a single free portal and gateway license prior to version 7 (Portal license is free).

Set up GlobalProtect and enable HTTPS and/or SSH in an interface management profile and add it to the GlobalProtect tunnel interface.

Hope this helps.

Regards,

Ben

I'd go a step further and restrict access for a specific set of IPs or networks.

Yeah, for normal everyday access to the firewall, a VPN client and accessing the mgmt interface in LAN is the way to go. But access directly from WAN is typically needed when something is wrong with the firewall. In that case GP might not be working and you won't be able to use such access. Then mgmt access to WAN is needed but should only be allowed from a few IPs.
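One way to check the advice in this thread (a management profile on a WAN-facing interface should be limited to a few source IPs), as an added example that is not from any poster or from Palo Alto Networks: a Python audit run over a constructed config snippet. The XML element layout, the profile and interface names, and the 256-address cut-off are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; element names assume the layout of a PAN-OS XML config export.
SAMPLE = """<config><devices><entry name="localhost.localdomain"><network>
 <profiles><interface-management-profile>
  <entry name="wan-open"><https>yes</https><ssh>yes</ssh></entry>
  <entry name="wan-locked"><https>yes</https><permitted-ip>
   <entry name="203.0.113.10"/><entry name="198.51.100.0/29"/></permitted-ip></entry>
  <entry name="wan-wide"><ssh>yes</ssh><permitted-ip>
   <entry name="0.0.0.0/0"/></permitted-ip></entry>
  <entry name="ping-only"><ping>yes</ping></entry>
 </interface-management-profile></profiles>
 <interface><ethernet>
  <entry name="ethernet1/1"><layer3>
   <interface-management-profile>wan-open</interface-management-profile></layer3></entry>
 </ethernet><tunnel><units><entry name="tunnel.1">
   <interface-management-profile>wan-locked</interface-management-profile>
 </entry></units></tunnel></interface></network></entry></devices></config>"""

ADMIN_SERVICES = ("http", "https", "ssh", "telnet")

def audit(xml_text, max_addresses=256):
    # Returns (profile, interfaces, issue) for profiles that allow admin logins
    # without a short source list. max_addresses is an assumed cut-off for "a few IPs".
    net = ET.fromstring(xml_text).find(".//network")
    used_by = {}  # profile name -> interfaces that reference it
    for iface in net.find("interface").iter("entry"):
        for path in ("interface-management-profile", "layer3/interface-management-profile"):
            ref = iface.findtext(path)
            if ref:
                used_by.setdefault(ref, []).append(iface.get("name"))
    findings = []
    for prof in net.findall("profiles/interface-management-profile/entry"):
        services = [s for s in ADMIN_SERVICES if prof.findtext(s) == "yes"]
        if not services:
            continue  # ping-only and similar profiles expose no admin login
        sources = [ipaddress.ip_network(e.get("name"), strict=False)
                   for e in prof.findall("permitted-ip/entry")]
        if not sources:
            issue = "no permitted-ip list: any source can reach " + "/".join(services)
        elif any(n.num_addresses > max_addresses for n in sources):
            issue = "permitted-ip entry wider than %d addresses" % max_addresses
        else:
            continue
        findings.append((prof.get("name"), used_by.get(prof.get("name"), []), issue))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{p} on {i}: {why}" for p, i, why in audit(SAMPLE)))
```

The profile bound to `tunnel.1` passes because it lists only a single host and a /29; the profile with no `permitted-ip` entries is the one to fix before any WAN-facing interface references it.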

L2 Linker

Thanks guys; will be configuring it behind a firewall on the OOBM link.