Restrict incoming SSH to group of ip numbers
Hi,
I installed a ER707-M2 as our internet router (in Omada env with TL-SG3452X Switch and a couple of EAP620 HD access points).
With the previous router I could limit incoming traffic to certain ip groups and ports.
I haven't found a way to do this in Omada yet. Can someone give me some suggestions?
Specifically I want to allow SSH (port 22) access to a Port forwarded server (internal) but only from a limited group of internet sources/IP addresses.
Hi @cdnhk
Thanks for posting in our business forum.
ACL can do it. Deny all and allow certain IPs should do it.
Thanks for your reply, but I think it is a bit too limited for me to 'get it'.
- Would it be a Gateway ACL or a Switch ACL
- I guess a Switch ACL since Gateway ACL doesn't allow IP-Port Group
- If it's a switch ACL, I want to limit WAN -> LAN access only for port 22. WAN->LAN access for any on port 80/443 would still be needed to be allowed.
Maybe there is a document or video explaining this scenario?
Hi @cdnhk
Thanks for posting in our business forum.
GW ACL, WAN IN.
Specify the IP group and deny their access.
If you still worry that the IP group cannot limit the access from others, then consider the VPN instead. If you expose the port, unless you are on a static IP, and you only allow your static IP to access the network, you cannot block that many IP addresses.
WAN ACL with IP-Port Group is a feature in the future. Gotta plan to add it.
For the docs about the ACL, refer to the User Guide of Omada Controller.