cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

How to disable http/https portal on vSec gateway?

Jump to solution

We have two Security Gateways under the same management server. We need to disable outside access to the web portal on the vSec gateway.

This traffic is accepted by an implied rule. We did disable every single implied rule on the smart dashboard and try to edit the implied rules file in the path $FWDIR/lib. 

But the ports 80 and 443 are still open.

How could disable the outside access to this service?

0 Kudos
1 Solution

Accepted Solutions
Admin
Admin

Re: How to disable http/https portal on vSec gateway?

Jump to solution
8 Replies

Re: How to disable http/https portal on vSec gateway?

Jump to solution

When you say "disable outside access" There certainly shouldn't be an implied rule that allows outside access to your firewalls. You should have a rule in your policy that allows certain hosts to access your firewalls(ssh, webui, etc), but then have a stealth rule directly below that preventing all other source traffic from hitting your firewalls.

0 Kudos

Re: How to disable http/https portal on vSec gateway?

Jump to solution

Jay.

We have a stealth rule in place.

And in the log the traffic is being allowed by Implicit rule 0.

0 Kudos

Re: How to disable http/https portal on vSec gateway?

Jump to solution

Can you be more specific on what you're describing as "outside" access? Also, please post details about the actual implied rule that it's hitting on? Obviously something isn't making since, you stated you disabled every implied rule yet the traffic is still permitted

0 Kudos

Re: How to disable http/https portal on vSec gateway?

Jump to solution

"Outside" is the Internet. In Azure the vSec has two interfaces one internal and one external this last being the one that leads to the Internet. The goal is to limit the access to the internal interface. 

0 Kudos
Employee+
Employee+

Re: How to disable http/https portal on vSec gateway?

Jump to solution

Hi,

Rule 0 can also indicate a setting that has a portal function and that is controlled by a property. As an example the identity awareness captive portal will listen. On what ports and interfaces depends on your configuration. I suspect what you see is similar to this and I advise you check those settings. By default they will have "internal interfaces" but that may be less relevant for vSEC, depending on how you deployed

Good luck

Peter !!

Admin
Admin

Re: How to disable http/https portal on vSec gateway?

Jump to solution

Re: How to disable http/https portal on vSec gateway?

Jump to solution

Dameon, 

Thanks for the help, in this SK I have found the correct file to edit and stopped the http redirect.

Also I was able to find what was enabling the https portal. It was the visitor mode for vpn clients, once disabled the https was closed.

Re: How to disable http/https portal on vSec gateway?

Jump to solution

If you are looking to disable WebUI completely, use "set web daemon-enable off"
Do not forget "save config"