How can I limit SonicWall firewall management access for specific address only?

05/10/2023 42 People found this article helpful 308,397 Views

Description

If there is a need to enable remote management of the SonicWall security appliance for an interface, enable the supported management service(s): HTTP, HTTPS, SSH, Ping, and SNMP. Also there is options to allow only the authorized Internet IP address(es) to hit the SonicWall on its management service(s). This type of restriction wouldn't provide SonicWall access for non-authorized Internet address(es).

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Enabling the management services on WAN interface of SonicWall.

Navigate to Network | System | Interfaces page in the SonicWall GUI.
Click Configure option of the WAN interface.
In General tab, enable the check boxes HTTP, HTTPS, Ping, SNMP and SSH for Management.
Click OK

Enforcing the address object / group to the WAN to WAN management access rules

Navigate to | Policies | Rules and Policies | Access Rules page in the SonicWall GUI.
Choose view style as Matrix and click on WAN to WAN matrix button.
Click on the Configure option of the management rules and choose the newly created or existing address object / group in the Source field of the access rule.
You can edit the default access rule and can change the source to the intended address only.
Createing address objects for Internet Hosted Address with zone type WAN
Click 170504660027820 to get instructions on creating address object / group.
Below screenshot depicts that the management access rules were applied with specific source addresses instead of selecting any.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Enabling the management services on WAN interface of SonicWall.

Navigate to Manage | System Setup | Nnetwork | Interfaces page in the SonicWall GUI.
2. Click Configure option of the WAN interface.
3. In General tab, enable the check boxes HTTP, HTTPS, Ping, SNMP and SSH for Management.
4. Click OK.

Enforcing the address object / group to the WAN to WAN management access rules

Navigate to Manage | Policies | Rules | Access Rules page in the SonicWall GUI.
Choose view style as Matrix and click on WAN to WAN matrix button.
Click on the Configure option of the management rules and choose the newly created or existing address object / group in the Source field of the access rule.
You can edit the default access rule and can change the source to the intended address only.
Creating address objects for Internet Hosted Address with zone type WAN
Click 170504660027820 to get instructions on creating address object / group.
Below screenshot depicts that the management access rules were applied with specific source addresses instead of selecting any.