How to access firewall management UI from different zones in UPE mode

This article explains how to configure and access web management UI from different zones for the firewall running in UPE mode.

Intra-zone management: Accessing firewall management IP within the same subnet.

Inter-zone management: Accessing firewall management IP from different zones or from different subnets (support added in SonicOS 7.2.0)

Intra-zone management:

SonicOS 7.1 and onwards there was a design change where management traffic is supposed to only go through firewall defined default system management policies instead of user defined custom security policy.

Please follow the following steps to configure management:

1.       Navigate to Network | System | Interfaces.
2.       In this example we will configure HTTPS management on X0 interface, edit X0 interface and enable HTTPS management.
3.       Firewall will create a default system management policy for handling the management traffic only, this policy will not be visible on GUI.

NOTE: Inter-zone management not supported on SonicOS 7.1.x. 

Inter-zone management:

•     In SonicOS 7.2.0 support was added for inter-zone management.
•     Now users from different subnets on a different zone can access the firewall management IP of interface in different subnets or zones.
•    In this example we will allow access to firewall management on X0 IP for a host in X2 interface [Zone: Core].

Please follow the following steps to configure management:

1. Navigate to Objects | Match Objects | Addresses and create address objects.
   
   
   
2.       Create an Address Groups and added all the Host/Range/Network Address Objects created in step 1.
3.       Navigate to Network | System | Interfaces.
4.      Enable HTTPS management on X0 interface and limit the HTTPS management to specific address group as configured in step 2.
   
   

NOTE: HTTPS management source address set to “ANY” under interface refers to “All IP addresses in same subnet”