Re: policy to limit access from untrust zone

arzoum_ · ‎05-19-2014

Dear All,

I hope you are well.

I have configured my UTM juniper ssg 20 to permit access from untrust zone by only one ip address but it doesnt work; I have configured UTM as follow:

Source : ip addr from untrust zone

Dest : IP addr of UTM untrust interface

Service : https

etc.

After this configuration, all ip adrr from untrust can get access on UTM.

I need your help to limit access to the only ip add from untrust zone

note that I have not others policies from untrust zone to trust zone

Thanks

arzoum_ · ‎05-19-2014

no update, please?

muttbarker_ · ‎05-19-2014

Please share your config.

arzoum_ · ‎05-19-2014

see my config in attachment.

arzoum_ · ‎05-19-2014

muttbarker_ · ‎05-30-2014

That is not your config. It is a screen shot of one line of your policies.

spuluka · ‎05-30-2014

Your description is not clear to me. But I think you are trying to restrict access to the SSG web management interface on the untrust zone to a specific ip address.

If this is the case, you would be using the manager-ip function and not security policies.

But manager-ip applies to all interfaces on the device regardless of zone that are enabled for management access. So in addition to adding your outside address you would also need to add the inside network addresses that would need management access on the trust interfaces.

And remember to add the network segment you are currently connected from FIRST. As these restrictions take place immediately cutting off your access otherwise.

Web UI:

Configuration--Admin--Permitted IPs

CLI:

set admin manager-ip 192.168.0.0 255.255.0.0

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home