Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thomas_Pereira
Participant
Jump to solution

How to disable http/https portal on vSec gateway?

We have two Security Gateways under the same management server. We need to disable outside access to the web portal on the vSec gateway.

This traffic is accepted by an implied rule. We did disable every single implied rule on the smart dashboard and try to edit the implied rules file in the path $FWDIR/lib. 

But the ports 80 and 443 are still open.

How could disable the outside access to this service?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
8 Replies
Jay_Jeffcoat
Participant

When you say "disable outside access" There certainly shouldn't be an implied rule that allows outside access to your firewalls. You should have a rule in your policy that allows certain hosts to access your firewalls(ssh, webui, etc), but then have a stealth rule directly below that preventing all other source traffic from hitting your firewalls.

0 Kudos
Thomas_Pereira
Participant

Jay.

We have a stealth rule in place.

And in the log the traffic is being allowed by Implicit rule 0.

0 Kudos
Jay_Jeffcoat
Participant

Can you be more specific on what you're describing as "outside" access? Also, please post details about the actual implied rule that it's hitting on? Obviously something isn't making since, you stated you disabled every implied rule yet the traffic is still permitted

0 Kudos
Thomas_Pereira
Participant

"Outside" is the Internet. In Azure the vSec has two interfaces one internal and one external this last being the one that leads to the Internet. The goal is to limit the access to the internal interface. 

0 Kudos
Peter_Sandkuijl
Employee
Employee

Hi,

Rule 0 can also indicate a setting that has a portal function and that is controlled by a property. As an example the identity awareness captive portal will listen. On what ports and interfaces depends on your configuration. I suspect what you see is similar to this and I advise you check those settings. By default they will have "internal interfaces" but that may be less relevant for vSEC, depending on how you deployed

Good luck

Peter !!

PhoneBoy
Admin
Admin
Thomas_Pereira
Participant

Dameon, 

Thanks for the help, in this SK I have found the correct file to edit and stopped the http redirect.

Also I was able to find what was enabling the https portal. It was the visitor mode for vpn clients, once disabled the https was closed.

_Val_
Admin
Admin

If you are looking to disable WebUI completely, use "set web daemon-enable off"
Do not forget "save config"

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events