Add local service ACL exception rule
Use the local service ACL exception rule to allow access to the device’s admin services from a specified network or host.
- Go to Administration > Device access and, under Local service ACL exception rule, click Add.
- Enter a name.
- Select the Rule position.
- Enter a description.
- Select the IP version (IPv4 or IPv6).
- Select the Source zone to which the rule applies.
- Click Add new item to select source hosts (based on a network, IP address, range, or list) to which the rule applies.
- Click Create new to create a new source network or host.
- Click Add new item to select the IP address or interface-based destination hosts (example: user portal) to which the rule applies.
- Click Create new to create a new destination network or host.
  Note: Specifying the destination host enables you to control access to a service (example: user portal) with a limited set of destination IP addresses.
- Click Add new item to select the admin Services to which the rule applies.
  Available options:
  - HTTPS
  - SSH
  - Web proxy
  - DNS (For important details, see DNS service.)
  - Ping/Ping6
  - SSL VPN
  - User portal
  - Dynamic routing
- Select an Action (Accept or Drop).
- Click Save.
DNS service
Selecting DNS as the admin service doesn't by itself make Sophos Firewall respond to DNS requests from the WAN. To enable Sophos Firewall to respond to DNS requests from the WAN, go to Network > DNS, add a static DNS host entry, and turn on Publish on WAN.
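The following is an added example, not Sophos code or an export format: a small review script that checks a list of exception rules for Accept rules exposing HTTPS or SSH from the WAN zone to a broad source, and for DNS rules that still need the static host entry described above. The dict layout, the `MAX_SOURCE_ADDRS` threshold, and the sample rules are assumptions made for illustration.

```python
import ipaddress

MGMT_SERVICES = {"HTTPS", "SSH"}   # admin services from the page's list
MAX_SOURCE_ADDRS = 256             # assumed threshold for a "broad" source

def source_size(source):
    """Number of addresses covered by 'Any', a network/IP, or an 'a-b' range."""
    if source.lower() == "any":
        return float("inf")
    if "-" in source:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in source.split("-", 1))
        return int(hi) - int(lo) + 1
    return ipaddress.ip_network(source, strict=False).num_addresses

def review_rule(rule):
    """Return findings for one exception rule (hypothetical dict layout)."""
    if rule["action"] != "Accept" or rule["source_zone"] != "WAN":
        return []
    findings = []
    broad = [s for s in rule["source_hosts"] if source_size(s) > MAX_SOURCE_ADDRS]
    exposed = sorted(MGMT_SERVICES & set(rule["services"]))
    if exposed and broad:
        findings.append(f"{rule['name']}: {exposed} accepted from WAN "
                        f"for broad source {broad}")
    if "DNS" in rule["services"]:
        findings.append(f"{rule['name']}: DNS from WAN also needs a static "
                        "DNS host entry with Publish on WAN")
    return findings

# Constructed sample rules using documentation address ranges.
RULES = [
    {"name": "mgmt-from-office", "source_zone": "WAN",
     "source_hosts": ["203.0.113.10"], "services": ["HTTPS", "SSH"],
     "action": "Accept"},
    {"name": "mgmt-from-anywhere", "source_zone": "WAN",
     "source_hosts": ["Any"], "services": ["HTTPS"], "action": "Accept"},
    {"name": "dns-wan", "source_zone": "WAN",
     "source_hosts": ["198.51.100.0/24"], "services": ["DNS"],
     "action": "Accept"},
    {"name": "drop-ssh", "source_zone": "WAN",
     "source_hosts": ["Any"], "services": ["SSH"], "action": "Drop"},
]

if __name__ == "__main__":
    for rule in RULES:
        for finding in review_rule(rule):
            print(finding)
```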