
Add local service ACL exception rule

Use the local service ACL exception rule to allow access to the device's admin services from a specified network or host.

  1. Go to Administration > Device access and click Add under Local service ACL exception rule.
  2. Enter a name.
  3. Select the Rule position.
  4. Enter a description.
  5. Select the IP version from the following options:

    • IPv4
    • IPv6
  6. Select the Source zone to which the rule applies.

  7. Click Add new item to select source networks or hosts. Click Add to create new ones.

    You can select source networks or hosts based on the following options:

    • Country
    • Country group
    • FQDN host
    • FQDN host group
    • Host group
    • IP address
    • IP list
    • IP range
    • MAC address
    • MAC address list
    • Network

    Note

    Wildcard FQDN hosts aren't supported.

  8. Click Add new item to select the IP address or interface-based destination hosts (for example, user portal) to which the rule applies. Click Add to create new ones.

    Note

    Specifying the destination host enables you to control access to a service (for example, user portal) with a limited set of destination IP addresses.

  9. Click Add new item to select the admin Services to which the rule applies.

    Available options:

    • AD SSO
    • Captive portal
    • Chromebook SSO
    • Clients
    • DNS (For important details, see DNS service.)
    • Dynamic Routing
    • HTTPS
    • IPsec
    • Ping/Ping6
    • Radius SSO
    • RED
    • SMTP Relay
    • SNMP
    • SSH
    • SSL VPN
    • User portal
    • VPN portal
    • Web proxy
    • Wireless Protection
  10. Select an Action.

    Available options:

    • Accept
    • Drop
  11. Click Save.
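
Before saving a rule, it helps to check how wide an Accept exception really is. The following Python sketch is an added example, not part of the product or its documentation: it reviews rules written down as plain dictionaries whose fields mirror the steps above. The dictionary layout, the `MGMT_SERVICES` set, and the `MAX_SOURCE_ADDRS` threshold are assumptions, and the sample rules are constructed.

```python
import ipaddress

# Assumption: the services this review treats as management access; adjust to local policy.
MGMT_SERVICES = {"HTTPS", "SSH"}
# Assumption: a WAN source wider than this many addresses deserves a second look.
MAX_SOURCE_ADDRS = 256


def source_size(kind, value):
    """Addresses covered by one source entry, or None if it cannot be counted offline."""
    if kind == "IP address":
        ipaddress.ip_address(value)  # raises ValueError on a malformed address
        return 1
    if kind == "IP range":
        lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        return int(hi) - int(lo) + 1
    if kind == "Network":
        return ipaddress.ip_network(value, strict=False).num_addresses
    return None  # Country, FQDN host, MAC address, ...: size is not known here


def review(rule):
    """Return findings for one exception rule; an empty list means nothing to flag."""
    exposed = sorted(MGMT_SERVICES & set(rule["services"]))
    if rule["action"] != "Accept" or rule["source_zone"] != "WAN" or not exposed:
        return []
    findings = []
    for kind, value in rule["sources"]:
        size = source_size(kind, value)
        if size is None:
            findings.append(f"{rule['name']}: {kind} '{value}' is unbounded for {exposed}")
        elif size > MAX_SOURCE_ADDRS:
            findings.append(f"{rule['name']}: {value} covers {size} addresses for {exposed}")
    return findings


# Constructed sample rules, not exported from any device.
RULES = [
    {"name": "admin-from-office", "source_zone": "WAN", "action": "Accept",
     "sources": [("IP address", "198.51.100.10")], "services": ["HTTPS", "SSH"]},
    {"name": "wide-ssh", "source_zone": "WAN", "action": "Accept",
     "sources": [("Network", "198.51.100.0/22"), ("Country", "Exampleland")],
     "services": ["SSH", "Ping/Ping6"]},
    {"name": "block-ssh", "source_zone": "WAN", "action": "Drop",
     "sources": [("Network", "0.0.0.0/0")], "services": ["SSH"]},
]

if __name__ == "__main__":
    for r in RULES:
        for finding in review(r):
            print(finding)
```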

Delete local service ACL exception rule

To delete a local service ACL exception rule, do as follows:

  1. Go to Administration > Device access.
  2. Under Local service ACL exception rule, click Delete for the rule you want to delete.
  3. Click OK.

DNS service

Selecting DNS as the admin service doesn't by itself make the firewall respond to DNS requests from the WAN. To enable the firewall to respond to DNS requests from the WAN, go to Network > DNS, add a static DNS host entry, and turn on Publish on WAN.
