sa 2500 how to block admin

lapluk_ · ‎08-18-2011

hI

I have sa configuerd with internal int and nat

is there any way to secure /admin from outside?

muttbarker_ · ‎08-18-2011

By default the admin access is not enabled on the outside interface. You have to specifically turn that ability on to access it on the I/F. However if you are only using the inside I/F and you want to prevent access to that realm from external IP addresses you could so by using "Authentication Policy"

Simply limit the "source IP" for the specific admin realms to your internal IP addresses.

lapluk_ · ‎08-18-2011

make sens

thanks

SonicBoom_ · ‎08-19-2011

you can also go one step further and rename the sign in page from /admin to something not so default like /laplukadmin. you get the idea..

zanyterp_ · ‎08-19-2011

In addition to not enabling login on the external port, enabling source IP enforcement, and changing the URL (path and/or hostname), you can enable certificate/host checker/ restrictions. If you want to allow external access, but only from you or trusted sources, you can do all of the above (except source IP enforcment) easily as well.

stine_ · ‎08-19-2011

This really only hides it if you create a large number of new admin urls and then delete all but one of them. This is because the /dana-na/auth/url_[N]/welcome.cgi has no randomization in the URL (url_[N] is the Nth url created.

In fact, if your admin users have bookmarked your sign-in page and you delete and re-add the sign-in policy, their browser bookmarks will no longer be valid.

sa 2500 how to block admin

sa 2500 how to block admin

Re: sa 2500 how to block admin

Re: sa 2500 how to block admin

Re: sa 2500 how to block admin

Re: sa 2500 how to block admin

Re: sa 2500 how to block admin