dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1484
share rss forum feed


Caden

@cableone.net

ZyWall USG 20W - Block Wireless Administration

Hi, I was wondering if there is a simple way to keep WLAN users from being able to address my Zywall. For instance, anyone on wifi can go to 192.168.1.1 or 10.59.1.1 or (or even 192.168.2.1 if you have 2nd LAN active) and attempt to login. I have a strong password but I would like to block users from even having the opportunity to try.

Basically, I don't want anyone without direct access to a LAN port attempting to administer my network appliances.

This is a simple radio button option on a $25 Linksys off Amazon so I'm assuming my ZyWall can also achieve this & I just don't know how.

Big thanks in advance to Anyone with the solution!


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Create appropriate firewall rules to block/allow access to ZyWall as you desire.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to Caden
Go to SYSTEM and WWW.

Ensure http to https is checked off.
You can limit to whom has access ie only to your PC if need be, in others by zones or by IPs.

A good trick here would be to change the server port to off standard of of 443 change it to 9443 for example.

I dont think you need to go to firewall rules.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


Caden

@sbcglobal.net
reply to Brano
Sorry Brano, I forgot to mention that also I tried changing the default firewall rule for WLAN to ZYWall to block or reject and that also keeps wifi users off the admin area but also stops all internet browsing....

I want to allow WLAN to WAN... but Block WLAN to ZyWall.

I guess I could try to block the website 192.168.1.1, 192.168.2.1, 10.59.1.1? I just thought there might be a simple way.

Anyways thanks again for replying!


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
It stops internet browsing because you block all services!
You need to leave enabled DHCP and DNS for WLAN to hit the ZyWall.

You may also want to read this »Secure your USG - quick how-to


Caden

@sbcglobal.net
reply to Brano
Thanks Brano... but how do I single out the interface?

I tried the rule BLOCK from WLAN_1-1 to (object) ZyWall (192.168.1.1) and this made all wifi traffic not work.

Also, if this had worked properly I would have to make seperate objects for 10.59.1.1 and 192.168.2.1 with my default out-of-box config (2 lans enabled).

So the problems are
1. My firewall rule didn't work
2. It would require 3 rules for 3 objects by default? It seems like there should be an obvious, easy way to keep people out of this area.


Caden

@cableone.net
reply to Anav
Anav,

If I could I would give you kudos! I am pretty sure that you have nailed this one. This looks like exactly what I was looking for! I'm going to try it out now.

THANKS!


Caden

@cableone.net
reply to Brano
Brano, thanks for the how-to link... that is very useful!

I think this issue is resolved. Thanks to both Anav and Brano.


Gork
Ou812ic

join:2001-10-06
Bountiful, UT
They both pretty much rawk.