Is it possible to restrict SSL VPN logon page accessibility?

Hi guys,

Is it possible to restrict SSL VPN logon page (https://address/sslvpn_logon.shtml) accessibility to a certain number of IP addresses?

Regards,

Best Answers

  • james.carsonjames.carson Moderator, WatchGuard Representative
    Accepted Answer

    Hi @WatchDog
    You can turn the page completely off in v 12.5.4 + by issuing the following command on the Fireware CLI:
    "no sslvpn web-download enable"

    It can't be set to specific IPs, but you can point the users to software.watchguard.com to download the client directly from our website. (It'll be listed as Mobile VPN w/SSL under each firewall for Windows and MacOS.)

    -James Carson
    WatchGuard Customer Support

  • james.carsonjames.carson Moderator, WatchGuard Representative
    Accepted Answer

    -James Carson
    WatchGuard Customer Support

  • Accepted Answer

    Hi @James_Carson,

    Thanks for your prompt reply.
    Would running "no sslvpn web-download enable" command affect users' Mobile VPN?

  • james.carsonjames.carson Moderator, WatchGuard Representative
    Accepted Answer

    @WatchDog
    No, it just disables the download page itself.
    The "WatchGuard SSLVPN" and "Allow SSLVPN_Users" policies are what govern user's access in and out of the firewall.

    Note that the firewall still listens on the SSLVPN port (443 by default) since that's the socket the vpn users connect to. If a user tries to surf to that page after running that command, they won't get a page back.

    You can also revert the command by issuing "sslvpn web-download enable"

    -James Carson
    WatchGuard Customer Support

Sign In to comment.