policy to limit access from untrust zone


arzoum
Contributor (11)
May 19, 2014 7:07am

Dear All,

I hope you are well.

I have configured my UTM Juniper SSG 20 to permit access from untrust zone by only one IP address but it doesn't work; I have configured UTM as follows:

Source : ip addr from untrust zone

Dest : IP addr of UTM untrust interface

Service : https

etc.

After this configuration, all IP addresses from untrust can get access on UTM.

I need your help to limit access to the only IP address from untrust zone.

Note that I have no other policies from untrust zone to trust zone.

Thanks




arzoum
Contributor (11)
May 19, 2014 8:11am

no update, please?

muttbarker
Contributor (11)
May 19, 2014 8:12am

Please share your config.

    arzoum
    Contributor (11)
    May 19, 2014 8:21am

    see my config in attachment.

spuluka
Contributor (11)
May 30, 2014 1:57pm

Your description is not clear to me. But I think you are trying to restrict access to the SSG web management interface on the untrust zone to a specific IP address.

If this is the case, you would be using the manager-ip function and not security policies.

But manager-ip applies to all interfaces on the device, regardless of zone, that are enabled for management access. So in addition to adding your outside address you would also need to add the inside network addresses that would need management access on the trust interfaces.

And remember to add the network segment you are currently connected from FIRST, as these restrictions take place immediately, cutting off your access otherwise.

Web UI:

Configuration--Admin--Permitted IPs

CLI:

set admin manager-ip 192.168.0.0 255.255.0.0
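
An added example, not part of the original thread: a pre-change check for the ordering advice above, which walks a planned list of `set admin manager-ip` commands and reports the first step after which the admin's current session address would no longer match any entry. The sample addresses and the function names are constructed for illustration, and the script assumes that an empty manager-ip list means no source restriction and that an omitted mask means a single host.

```python
import ipaddress

# Constructed samples: the same two entries in an unsafe and a safe order.
# 203.0.113.10 is a placeholder for the single outside admin host.
UNSAFE_ORDER = """\
set admin manager-ip 203.0.113.10 255.255.255.255
set admin manager-ip 192.168.0.0 255.255.0.0
"""
SAFE_ORDER = "\n".join(reversed(UNSAFE_ORDER.splitlines()))


def parse_manager_ips(config_text):
    """Return the networks named by 'set admin manager-ip <addr> [<mask>]' lines."""
    nets = []
    for line in config_text.splitlines():
        parts = line.split()
        if parts[:3] != ["set", "admin", "manager-ip"] or len(parts) < 4:
            continue
        # Assumption: a missing mask is treated as a single host.
        mask = parts[4] if len(parts) > 4 else "255.255.255.255"
        # strict=False tolerates host bits set under the mask.
        nets.append(ipaddress.ip_network(f"{parts[3]}/{mask}", strict=False))
    return nets


def is_permitted(source_ip, nets):
    """True if source_ip may reach management given the manager-ip entries."""
    if not nets:
        return True  # Assumption: no entries means no source restriction.
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in nets)


def first_lockout_step(session_ip, planned_text):
    """Return the 1-based command after which session_ip is cut off, or None."""
    lines = [ln for ln in planned_text.splitlines() if ln.strip()]
    for step in range(1, len(lines) + 1):
        # Each command takes effect immediately, so evaluate every prefix.
        nets = parse_manager_ips("\n".join(lines[:step]))
        if not is_permitted(session_ip, nets):
            return step
    return None


if __name__ == "__main__":
    session = "192.168.1.50"  # constructed: admin connected from the inside network
    print("unsafe order locks out at step:", first_lockout_step(session, UNSAFE_ORDER))
    print("safe order locks out at step:", first_lockout_step(session, SAFE_ORDER))
```
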