Allow specific IP or MAC?

Yopofun_ironport · ‎04-18-2008

Hey everyone,

Just got a C150 a little bit ago and was wondering if theres a way to allow only specific IP or MAC address from a accessing the management port to configure the firewall. I've disabled HTTP, and FTP access to the firewall to improve security but didn't want to remove HTTPS as being in physical contact to use the serial port would be a little out of the question as I'd like some remote access as I travel between offices.

So if you have any ideas on how to improve security, or if I'm just stuck dealing with HTTPS, any responses would be greatly appreciated.

Thanks,

Tim

Donald Nash · ‎04-18-2008

As far as I have been able to tell, there is no way to do this. The underlying operating system is based on FreeBSD, and therefore has ipfw, which would do what you want. But there is no interface to ipfw exposed in AsyncOS.

Your only recourse is to use an external firewall.

Doc_ironport · ‎04-19-2008

This feature is currently planned for a future release. I can't remember which release it was in, but I've got a feeling that it's not all that far away...

In most environments we recommend putting the IronPort into a DMZ area, in which case you can block all access to the management port (and basically everything except port 25) from the Internet using rules on the Firewall itself.

Yopofun_ironport · ‎04-21-2008

Thanks for the information. I couldn't find anything else, but as I've only had it for a bit, I thought I'd ask you guys/girls as you have much more experience. Thanks for replies and hope to see this feature in the future :D