cancel
Showing results for 
Search instead for 
Did you mean: 

sa 2500 how to block admin

Highlighted
Contributor

sa 2500 how to block admin

hI

I have sa configuerd with internal int and nat

is there any way to secure /admin from outside?

5 REPLIES 5
Highlighted
Valued Contributor

Re: sa 2500 how to block admin

By default the admin access is not enabled on the outside interface. You have to specifically turn that ability on to access it on the I/F. However if you are only using the inside I/F and you want to prevent access to that realm from external IP addresses you could so by using "Authentication Policy"

Simply limit the "source IP" for the specific admin realms to your internal IP addresses.

Highlighted
Contributor

Re: sa 2500 how to block admin

make sens

thanksSmiley Happy

Highlighted
Regular Contributor

Re: sa 2500 how to block admin

you can also go one step further and rename the sign in page from /admin to something not so default like /laplukadmin. you get the idea..
Highlighted
Respected Contributor

Re: sa 2500 how to block admin

In addition to not enabling login on the external port, enabling source IP enforcement, and changing the URL (path and/or hostname), you can enable certificate/host checker/ restrictions. If you want to allow external access, but only from you or trusted sources, you can do all of the above (except source IP enforcment) easily as well.
Highlighted
Super Contributor

Re: sa 2500 how to block admin

This really only hides it if you create a large number of new admin urls and then delete all but one of them. This is because the /dana-na/auth/url_[N]/welcome.cgi has no randomization in the URL (url_[N] is the Nth url created.

In fact, if your admin users have bookmarked your sign-in page and you delete and re-add the sign-in policy, their browser bookmarks will no longer be valid.