Disable Browser or Web Based Access to Firebox


I recently discovered that I can access the web based interface to my Firebox via a web browser using the public IP address. I would like to disable this feature.

Firebox: XTM535 (Fireware XTM v11.11.2.B508770)

Can you please tell me which policy would be controlling this feature?

I disabled the "WatchGuard Web UI" in the policy manager and saved the policy but I am still able to access the Firebox via a web browser to its public IP address.

I did not restart the Firebox yet because it didn't prompt me to do so.

Thank you,

John Bennett


  • Options

    Do you have Authentication or SSLVPN enabled?
    If Authentication, verify that the WatchGuard Authentication policy does not have Any-external in the From: field

    If you have SSLVPN enabled, you can't prevent this access. You can change SSLVPN to use a port other than TCP 443.

    The default settings for the Web UI policy does not allow access from the Internet, and does only have access using TCP port 8080, not TCP 80 (HTTP) or 443 (HTTPS).

  • Options

    Thank you for your reply. I found the WatchGuard Authentication policy and it has "Any-Trusted", "Any-Optional" and "Any-External" in the "From" field all going to the Firebox. I checked the port and it is "4100". I will try removing the "Any-External". The strange thing is that in a web browser, I don't even have to put a port number in the address, it just goes straight to the login screen via http, not even https.

  • Options

    I also disabled the "SSL-VPN" policy using port 443 since we don't use it.

  • Options

    Then that is HTTP or HTTPS.
    If HTTP - this implies that you have an incoming HTTP policy to your firewall external IP addr
    If HTTPS this implies that you have an incoming HTTPS policy to your firewall external IP addr, or perhaps SSLVPN is enabled

  • Options

    Did disabling SSLVPN prevent the connection that you saw?

  • Options

    Excellent!!! You were correct, disabling SSLVPN must have fixed it because I can't get to it via an external web browser any longer. Thank you very much for your help, I really appreciate it!

Sign In to comment.