Incoming Access - McAfee SG310 Administration Manual

Firewall menu options
Packet filtering

Incoming access

The Incoming Access tab allows you to control access to the UTM Firewall appliance itself, such as for
remote administration. By default, the UTM Firewall appliance runs a Web administration server, a Telnet service,
and an SSH service (SSH is not applicable to the SG300 model). Access to these services can be restricted
to specific interfaces. Typically, access to the Management Console (Web/SSL Web) is restricted to hosts on
your local network (LAN Interfaces).

Security Alert: If you want to allow administrative access on interfaces other than LAN Interfaces, there are additional security precautions you should take, such as setting up packet filter rules. For further information, see Packet Filtering. Also consider remote administration using a VPN connection as an alternative to opening a hole in the firewall; PPTP in particular is well-suited to this task. PPTP is also an alternative to packet filter rules if you are not connecting from a static IP address, which is required for packet filters to function. For more information, see VPN overview.

Figure 169 shows the Incoming Access page.

Figure 169 Incoming Access page

The interfaces and services that appear in this page depend on the particular UTM Firewall appliance. Table 12 provides information about the services you can enable for each interface.

Table 12 Interface service descriptions

Service: Description

Telnet: This column controls access to the UTM Firewall appliance via a telnet command line interface. Only Administrative users with the Login access control enabled are able to connect via telnet. See Creating a user. Administrative users connected via the telnet interfaces have complete access to the configuration of the appliance. Telnet is completely unencrypted. Disabling Telnet services is recommended for increased security.

SSH: This column controls access to the UTM Firewall appliance via a Secure Shell (SSH) command line interface. Only Administrative users with the Login access control enabled are able to connect via telnet. See Creating a user. SSH provides for secure encrypted communication whereas telnet is completely unencrypted. Administrative users connected via the SSH interface have complete access to the configuration of the appliance. Note: SSH is not currently available on the SG300 model.

Web (HTTP): This column controls access to the UTM Firewall appliance via the UTM Firewall Management Console. To use the console, ensure that the UTM Firewall appliance's Web server is configured appropriately on the Web page.

SSL Web (HTTPS): This column controls access to the UTM Firewall appliance via the UTM Firewall Management Console. To use the console, ensure that the UTM Firewall appliance's Web server is configured appropriately on the Web page. See Creating a user.

McAfee UTM Firewall 4.0.4 Administration Guide
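
After changing Incoming Access settings, the result can be confirmed from each network segment by testing which of the four services in Table 12 actually accept connections there. The Python script below is an added example, not part of the McAfee guide; the port numbers are the standard defaults and are an assumption (the page does not state them), and 192.0.2.1 is a placeholder address for the appliance.

```python
import socket

# Assumed standard default ports; the appliance's Web server ports are
# configurable, so adjust these to match your own settings.
SERVICES = {"Telnet": 23, "SSH": 22, "Web (HTTP)": 80, "SSL Web (HTTPS)": 443}
# Services that carry administrator credentials without encryption.
CLEARTEXT = {"Telnet", "Web (HTTP)"}


def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, vantage, allowed, ports=SERVICES, probe=is_open):
    """Compare reachable admin services with those intended for this vantage.

    vantage: label for where the script runs, e.g. "LAN" or "Internet".
    allowed: set of service names Incoming Access should permit from there.
    Returns a list of (service, port, finding) tuples, empty when all is well.
    """
    findings = []
    for name, port in ports.items():
        reachable = probe(host, port)
        if reachable and name not in allowed:
            findings.append((name, port, f"reachable from {vantage} but not intended"))
        elif not reachable and name in allowed:
            findings.append((name, port, f"intended from {vantage} but unreachable"))
        if reachable and name in CLEARTEXT:
            findings.append((name, port, "unencrypted administrative service is enabled"))
    return findings


if __name__ == "__main__":
    # Placeholder documentation address; run once from each network segment.
    for name, port, finding in audit("192.0.2.1", "Internet", allowed=set()):
        print(f"{name} (tcp/{port}): {finding}")
```

Run it once from a LAN host with the services you intend to allow there, and once from outside with an empty `allowed` set; any output from the second run is an exposure to close.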