ZyWall USG 20W - Block Wireless Administration Hi, I was wondering if there is a simple way to keep WLAN users from being able to address my Zywall. For instance, anyone on wifi can go to 192.168.1.1 or 10.59.1.1 or (or even 192.168.2.1 if you have 2nd LAN active) and attempt to login. I have a strong password but I would like to block users from even having the opportunity to try.
Basically, I don't want anyone without direct access to a LAN port attempting to administer my network appliances.
This is a simple radio button option on a $25 Linksys off Amazon so I'm assuming my ZyWall can also achieve this & I just don't know how.
Big thanks in advance to Anyone with the solution!
BranoI hate VogonsPremium,MVM
Create appropriate firewall rules to block/allow access to ZyWall as you desire.
AnavSarcastic Llama? Naw, Just AcerbicPremium
reply to Caden
Go to SYSTEM and WWW.
Ensure http to https is checked off.
You can limit to whom has access ie only to your PC if need be, in others by zones or by IPs.
A good trick here would be to change the server port to off standard of of 443 change it to 9443 for example.
I dont think you need to go to firewall rules.
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
reply to Brano
Sorry Brano, I forgot to mention that also I tried changing the default firewall rule for WLAN to ZYWall to block or reject and that also keeps wifi users off the admin area but also stops all internet browsing....
I want to allow WLAN to WAN... but Block WLAN to ZyWall.
I guess I could try to block the website 192.168.1.1, 192.168.2.1, 10.59.1.1? I just thought there might be a simple way.
Anyways thanks again for replying!
BranoI hate VogonsPremium,MVMReviews:
It stops internet browsing because you block all services!
You need to leave enabled DHCP and DNS for WLAN to hit the ZyWall.
You may also want to read this »Secure your USG - quick how-to
reply to Brano
Thanks Brano... but how do I single out the interface?
I tried the rule BLOCK from WLAN_1-1 to (object) ZyWall (192.168.1.1) and this made all wifi traffic not work.
Also, if this had worked properly I would have to make seperate objects for 10.59.1.1 and 192.168.2.1 with my default out-of-box config (2 lans enabled).
So the problems are
1. My firewall rule didn't work
2. It would require 3 rules for 3 objects by default? It seems like there should be an obvious, easy way to keep people out of this area.
reply to Anav
If I could I would give you kudos! I am pretty sure that you have nailed this one. This looks like exactly what I was looking for! I'm going to try it out now.
reply to Brano
Brano, thanks for the how-to link... that is very useful!
I think this issue is resolved. Thanks to both Anav and Brano.
They both pretty much rawk.