Add local service ACL exception rule

Use the local service ACL exception rule to allow access to the device’s admin services from a specified network or host.

  1. Go to Administration > Device access and, under Local service ACL exception rule, click Add.
  2. Enter a name.
  3. Select the Rule position.
  4. Enter a description.
  5. Select the IP version (IPv4 or IPv6).
  6. Select the Source zone to which the rule applies.
  7. Click Add new item to select source hosts (based on a network, IP address, range, or list) to which the rule applies.
  8. Click Create new to create a new source network or host.
  9. Click Add new item to select the IP address or interface-based destination hosts (example: user portal) to which the rule applies.
  10. Click Create new to create a new destination network or host.

    Note

    Specifying the destination host enables you to control access to a service (example: user portal) with a limited set of destination IP addresses.

  11. Click Add new item to select the admin Services to which the rule applies.

    Available options:

    • HTTPS
    • SSH
    • Web proxy
    • DNS (For important details, see DNS service.)
    • Ping/Ping6
    • SSL VPN
    • User portal
    • Dynamic routing
  12. Select an Action (Accept or Drop).

  13. Click Save.

DNS service

Selecting DNS as the admin service doesn't by itself make Sophos Firewall respond to DNS requests from the WAN. To enable Sophos Firewall to respond to DNS requests from the WAN, go to Network > DNS, add a static DNS host entry, and turn on Publish on WAN.
