Results 1 to 6 of 6

Thread: Firewall medium security filter allows only one IP

  1. #1

    Question Firewall medium security filter allows only one IP

    Hi:

    I enabled the firewall with medium security but wanted to add a filter for management (web interface) access for several IP addresses and a dyndns url. I added the dyndns url for my laptop that has always a dynamic IP address. I could access the Quadro management interface from my laptop. That works great!
    However I wanted to add more IP addresses to this filter. That doesn't work. Adding another filter doesn't neither.
    Am I missing something?
    Please help me. Thanks.
    Toon

  2. #2

    Default

    You add the IP addresses to the group and add the group to the management access and it still doesnt work ?

    Thats odd

    Kev

  3. #3
    Quadro Architect
    Join Date
    Jun 2006
    Location
    Around myself
    Posts
    2,075

    Default

    Well, I see the problem.. You can put any number of IP addresses in a group ("IP Pool Groups"), and allow/deny access from that group. But you cannot put a URL into the group.
    This makes it impossible to specify several URLs to be allowed to access Quadro management... And even you cannot specify one URL + some IP address. If yo have URL specified in the "Management Access", yu cannot add anything more there.

    Your only option (workaround) for this now is to configure your URL to have HTTPS access, and the group of IP addresses to have HTTP access. I agree this is not very elegant, but this is the only way for now.

    Best regards,
    David

    P.S. Generally speaking, this "Single URL" option is kind of a new option, which is is actually not very nice to use (as to me), as you never know when you will get access to the Quadro, after your URL changes IP address. This is up to DNS caching, and one cannot guarantee that the caches will refresh quickly enough...

    Using IP address in firewall settings is always preferred.

    P.S.2. We will consider adding a "Single URL" option into the "IP Pool Groups" table, but I cannot give you any dates. This was not done mainly because the IP Groups are used in various places in the "Filtering Rules", including some pages, where the "Single URL" option cannot be used by technical reasons. Most probably we will allow now to add URL into a IP Group, but prohibit to use that group in the table where URL cannot be configured, for example in "Incoming Traffic / Port Forwarding", "Outgoing Traffic", "Blocked IP List", "Allowed IP List" and "Restricting IPSec" tables.

  4. #4

    Smile Needs from a VAR and a small business customer for remote access

    David:

    Thanks a lot for your help.
    I should have first desribed the customer needs and the var needs regarding remote access to Quadro management.
    For a VAR tech person who is always on the road and who has a laptop that has only a dynamic IP address, a DYNDNS url is a must.
    For the IT person of a small business, remote access to the quadro will be needed via an office server that has a static IP address. He may have a VPN. He will access remotely the office server, and from the webbrowser on the office server access the Quadro.
    Some other customer employees may want to access the quadro management also to change their extension settings incl call settings.
    So, there is a need to enable the entry of a DYNDNS url and of one or more static routable IP addresses of office servers. All this is for HTTP.
    I hope this clarifies the needs.
    Thanks for your great contributions to the forum.
    Lots of very interesting posts.
    Toon

  5. #5
    Quadro Architect
    Join Date
    Jun 2006
    Location
    Around myself
    Posts
    2,075

    Default

    I see, Toon. We'll try to fit this into the first public 5.2 release. I would expect it in 1.5-2 months...

    BTW, using a roadwarrier VPN to a Quadro (or to a server behind the Quadro) could still be a very good workaround. And it will be more secure as you don't send the login/password in open form through the internet.

    Best regards,
    David

  6. #6

    Default

    The firewall adds security and this will cause some privileges to be limited. You might want to configure them manually even the firewall is one. I think that will solve the

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. filter rule for sip access
    By nitrox in forum Troubleshooting and Problems
    Replies: 2
    Last Post: 10-08-2009, 01:07 PM
  2. Medium Firewall, no WAN https access!
    By darylp in forum Troubleshooting and Problems
    Replies: 2
    Last Post: 09-29-2008, 08:35 AM
  3. Destination NAT rule on medium level firwall
    By skyways in forum Troubleshooting and Problems
    Replies: 4
    Last Post: 05-02-2008, 09:29 AM
  4. Security alert Aastra admin password
    By Synertic in forum Hardware Interoperability
    Replies: 4
    Last Post: 10-28-2007, 05:55 PM
  5. NAT With Symantec Gateway Security
    By baoan in forum Troubleshooting and Problems
    Replies: 0
    Last Post: 05-01-2007, 12:20 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •