Access to local services from zones

With local service ACL (Access Control List), you control access from custom and default zones to the management services of XG Firewall.

The default configuration of the access control list is in the table below. Access to the services is allowed from the zones listed.

Table 1. Services

| Services | Zones | Description |
|---|---|---|
| Admin services | LAN, Wi-Fi | HTTPS: TCP port 4444. Allows access to the web admin console. SSH: TCP port 22. Allows access to the command-line console. |
| Admin services | WAN | HTTPS: TCP port 443. SSH: TCP port 22. |
| Authentication services | LAN, Wi-Fi | AD SSO. RADIUS SSO. Chromebook SSO. Captive portal: TCP port 8090. Client authentication: UDP port 6060. Allows the authentication of users and clients in the specified zones. |
| Network services | LAN, WAN, Wi-Fi | Ping/Ping6: Allows ping requests to the WAN IP address of XG Firewall. |
| Network services | LAN, Wi-Fi | DNS: Allows DNS resolution requests when XG Firewall is the DNS server. |
| Other services | LAN, Wi-Fi | Wireless protection: Allows access points in these zones to connect to XG Firewall. Web proxy: Allows direct proxy traffic on port 3128. In addition to acting as a transparent proxy, XG Firewall acts as a direct proxy by default. It listens to port 3128 for the configured browsers for the destination ports specified in Web > General settings. SMTP relay: Allows hosts and networks from these zones to use XG Firewall for outbound mail relay. |
| Other services | LAN, WAN, DMZ, Wi-Fi | SSL VPN: TCP port 8443. To change the port, go to VPN > Show VPN settings. We recommend that you don't use this port for other services. Even when you turn off WAN access for other local services, they remain accessible from the WAN zone if they use the SSL VPN port. |
| Other services | LAN | User portal: Allows users to access the user portal from this zone. If you allow users to access the user portal from the WAN zone, it can compromise security. Dynamic routing: Sends and receives dynamic routing updates from the selected zones. |
| Other services | LAN, DMZ, VPN, Wi-Fi | SNMP: Select the zone in which the SNMP server is located. |
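The SSL VPN port caveat in the table means a service's WAN exposure depends on its port as well as its ACL entry. The following audit sketch is an added example, not Sophos code: the dictionary layout, the `wan_exposure` function name and the sample entries (including the user portal placed on TCP 8443) are constructed assumptions, not an XG Firewall export format.

```python
# Constructed inventory of local services: zones allowed by the ACL and the
# listening port. The layout is hypothetical, not an XG Firewall export format.
SAMPLE_ACL = {
    "Admin HTTPS":    {"zones": {"LAN", "Wi-Fi"}, "port": ("tcp", 4444)},
    "Admin SSH":      {"zones": {"LAN", "Wi-Fi"}, "port": ("tcp", 22)},
    "Captive portal": {"zones": {"LAN", "Wi-Fi"}, "port": ("tcp", 8090)},
    "SSL VPN":        {"zones": {"LAN", "WAN", "DMZ", "Wi-Fi"}, "port": ("tcp", 8443)},
    # Constructed misconfiguration: user portal moved onto the SSL VPN port.
    "User portal":    {"zones": {"LAN"}, "port": ("tcp", 8443)},
}


def wan_exposure(acl, vpn_name="SSL VPN"):
    """Map each WAN-reachable service to the reason it is reachable."""
    vpn = acl.get(vpn_name)
    vpn_on_wan = vpn is not None and "WAN" in vpn["zones"]
    findings = {}
    for name, svc in acl.items():
        if "WAN" in svc["zones"]:
            # Directly allowed by the local service ACL.
            findings[name] = "ACL allows the WAN zone"
        elif vpn_on_wan and svc["port"] == vpn["port"]:
            # WAN is off in the ACL, but the port is shared with SSL VPN.
            proto, num = svc["port"]
            findings[name] = f"shares {proto}/{num} with {vpn_name}, which WAN can reach"
    return findings


def report(acl):
    """Return one sorted 'service: reason' line per WAN-reachable service."""
    return [f"{name}: {why}" for name, why in sorted(wan_exposure(acl).items())]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ACL)))
```

Run it against an inventory of your own ACL and port settings; any service flagged for sharing the SSL VPN port should be moved to a different port.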