Add local service ACL exception rule

Use the local service ACL exception rule to allow access to the device’s admin services from a specified network/host.

Note: There's a known issue in 17.5 MR10 and MR11 where the ACL exception rule is ignored if an any-any drop firewall rule is matched. Contact Sophos Support to implement a workaround.

  1. Go to Administration > Device access and click Add under Local service ACL exception rule.
  2. Enter a name.
  3. Select the Rule position.
  4. Enter a description.
  5. Select the IP version.
    Available options:
    • IPv4
    • IPv6
  6. Select the Source zone to which the rule applies.
  7. Click Add new item to select source hosts (based on a network, IP address, range, or list) to which the rule applies. Click Create new to create a new source network/host.
  8. Click Add new item to select the IP address or interface-based destination hosts (for example, the user portal) to which the rule applies. Click Create new to create a new destination network/host.
    Note: Specifying the destination host lets you restrict access to a service (for example, the user portal) to a limited set of destination IP addresses.
  9. Click Add new item to select the admin Services to which the rule applies.
    Available options:
    • HTTPS
    • Telnet
    • SSH
    • Web proxy
    • DNS
    • Ping/Ping6
    • SSL VPN
    • User portal
    • Dynamic routing
  10. Select an Action.
    Available options:
    • Accept
    • Drop
  11. Click Save.