I have a typical policy that allows access to Gaia (https) from some internal machines, followed by a stealth rule that blocks all the other accesses (any-[sms, clusterxl and nodes]-drop).
Despite this, if I try to open a browser from an external machine, pointing to one of the public IPs (https://publicIP) of the cluster, I'm asked to accept the certificate.
I can't load the user/password page, but I need to avoid to even to show that something is listening.
The customer told me that in the past someone executed a command to block this access, but I was expecting that the policy was enough.
What is this command? I don't want to disable the Gaia Portal, just from the Internet.
Or there is a configuration in the Global Policy that I missed?