Add local service ACL exception rule
Use the local service ACL exception rule to allow access to the device’s admin services from a specified network/host.
- Go to Administration > Device access and click Add under Local service ACL exception rule.
- Enter a name.
- Select the Rule position.
- Enter a description.
- Select the IP version from the following options:
  - IPv4
  - IPv6
- Select the Source zone to which the rule applies.
- Click Add new item to select source hosts (based on a network, IP address, range, or list) to which the rule applies. Click Create new to create a new source network/host.
- Click Add new item to select the IP address or interface-based destination hosts (example: user portal) to which the rule applies. Click Create new to create a new destination network/host.
  Note: Specifying the destination host enables you to control access to a service (example: user portal) with a limited set of destination IP addresses.
- Click Add new item to select the admin Services to which the rule applies. Available options:
  - HTTPS
  - SSH
  - Web proxy
  - DNS (For important details, see DNS service.)
  - Ping/Ping6
  - SSL VPN
  - User portal
  - Dynamic routing
- Select an Action. Available options:
  - Accept
  - Drop
- Click Save.
Delete local service ACL exception rule
To delete a local service ACL exception rule, do as follows:
- Go to Administration > Device access.
- Under Local service ACL exception rule, click Delete for the rule you want to delete.
- Click OK.
DNS service
Selecting DNS as the admin service doesn’t by itself make Sophos Firewall respond to DNS requests from the WAN. To enable Sophos Firewall to respond to DNS requests from the WAN, go to Network > DNS, add a static DNS host entry, and turn on Publish on WAN.
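A pre-change review of planned exception rules, as an added example that is not part of the Sophos documentation: it checks the fields from the add-rule procedure and the DNS condition described in this section. The dict layout, the `Any` marker, the zone labels, the 256-address threshold and the choice of HTTPS and SSH as the sensitive services are assumptions of this example, not a Sophos export format or API.

```python
import ipaddress

# Service names as listed in the add-rule procedure.
SERVICES = {"HTTPS", "SSH", "Web proxy", "DNS", "Ping/Ping6", "SSL VPN",
            "User portal", "Dynamic routing"}
SENSITIVE = {"HTTPS", "SSH"}  # assumption: treated here as riskiest to expose

def review_rule(rule, max_sources=256, dns_published_on_wan=False):
    """Return findings for one planned rule (hypothetical dict layout)."""
    findings = []
    version = 4 if rule["ip_version"] == "IPv4" else 6
    services = set(rule["services"])
    exposes = rule["action"] == "Accept" and bool(services & SENSITIVE)
    unknown = services - SERVICES
    if unknown:
        findings.append(f"unknown service: {sorted(unknown)}")
    for field in ("source_hosts", "destination_hosts"):
        for host in rule[field]:
            if host == "Any":  # constructed marker for "no restriction"
                if field == "source_hosts" and exposes:
                    findings.append("HTTPS/SSH accepted from any source")
                continue
            net = ipaddress.ip_network(host, strict=False)
            if net.version != version:
                findings.append(f"{field}: {host} is not {rule['ip_version']}")
            elif (field == "source_hosts" and exposes
                  and net.num_addresses > max_sources):
                findings.append(f"HTTPS/SSH accepted from broad source {host}")
    if (rule["action"] == "Accept" and "DNS" in services
            and rule["source_zone"] == "WAN" and not dns_published_on_wan):
        findings.append("DNS from WAN needs a static DNS host entry "
                        "with Publish on WAN")
    return findings

# Constructed sample rules (documentation address ranges only).
RULES = [
    {"name": "mgmt-any", "ip_version": "IPv4", "source_zone": "WAN",
     "source_hosts": ["Any"], "destination_hosts": ["203.0.113.10"],
     "services": ["HTTPS", "SSH"], "action": "Accept"},
    {"name": "dns-wan", "ip_version": "IPv4", "source_zone": "WAN",
     "source_hosts": ["2001:db8::/64"], "destination_hosts": [],
     "services": ["DNS"], "action": "Accept"},
    {"name": "mgmt-lan", "ip_version": "IPv4", "source_zone": "LAN",
     "source_hosts": ["192.0.2.0/28"], "destination_hosts": [],
     "services": ["HTTPS"], "action": "Accept"},
]

if __name__ == "__main__":
    for r in RULES:
        print(r["name"], review_rule(r) or "ok")
```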