
Add local service ACL exception rule

Use the local service ACL exception rule to allow access to the device’s admin services from a specified network/host.

  1. Go to Administration > Device access and click Add under Local service ACL exception rule.
  2. Enter a name.
  3. Select the Rule position.
  4. Enter a description.
  5. Select the IP version.

    Available options:

    • IPv4
    • IPv6
  6. Select the Source zone to which the rule applies.

  7. Click Add new item to select source hosts (based on a network, IP address, range, or list) to which the rule applies. Click Create new to create a new source network/host.
  8. Click Add new item to select the IP address or interface-based destination hosts (example: user portal) to which the rule applies. Click Create new to create a new destination network/host.

    Note

    Specifying the destination host enables you to control access to a service (example: user portal) with a limited set of destination IP addresses.

  9. Click Add new item to select the admin Services to which the rule applies.

    Available options:

    • HTTPS
    • SSH
    • Web proxy
    • DNS (For important details, see DNS service.)
    • Ping/Ping6
    • SSL VPN
    • User portal
    • Dynamic routing
  10. Select an Action.

    Available options:

    • Accept
    • Drop
  11. Click Save.

DNS service

If you select DNS as the admin service, Sophos Firewall doesn’t automatically start responding to DNS requests from the WAN. To enable Sophos Firewall to respond to DNS requests from the WAN, go to Network > DNS, add a static DNS host entry, and turn on Publish on WAN.
