デバイスへの管理者アクセスを制限する方法

08/23/2024 2 People found this article helpful 37,549 Views

Description

この記事では、デバイスの安全性を確保し、権限のある担当者のみが変更を行えるように、デバイスへの管理者アクセスを制限する方法について説明します。また、特定のIPアドレスまたはIPアドレスの範囲からのアクセスのみを制限し、それらのIPアドレスのみがデバイスにアクセスできるようにします。

Resolution

SonicOS 7.xの場合

SonicOS 6.5の場合

SonicOS 6.2もしくはより古いバージョンの場合

SonicOS 7.xの場合

ここではLANインターフェースでの管理者アクセスについて説明します。WANインターフェースでの管理者アクセスについてはLANをWANに読み替えて下さい。

管理者アクセスを有効化

注意: ここではLANインターフェースとしてX0（既定でLANゾーン)の場合で説明しますが、X0の場合HTTPSアクセスが既定で有効になっています。

ネットワーク|システム＞インターフェイスに移動します。
LANインターフェースにマウスを移動しポップアップされるメニュの設定(鉛筆アイコン)をクリックします。
管理の HTTPS チェックボックスを有効にします。
HTTP から HTTPS へのリダイレクトを有効にするためのルールを追加する をチェックします。
OKをクリックし設定を反映させます。

この時点で、LANゾーン上のすべてのデバイスは、デバイスの管理ページ（ログインページ）にアクセスできるようになっているはずです。デバイスが特定のIPまたはIPグループに対してのみ応答するように管理を制限するためには、アクセスルールの変更が必要です。

アクセスルールを変更する前に、制限するIPアドレス(ここではアクセスを許可するIPアドレス)を持つアドレスオブジェクトを作成する必要があります。

アドレスオブジェクトの作成

オブジェクト｜一致オブジェクト > アドレス に移動します。
追加をクリックします。
名前フィールドにフレンドリーな名前を入力します。
ゾーンの割当 で LANゾーンを選択します。
1つのIPアドレスに対して管理ページへのアクセスを与える場合は、種別を ホスト に設定します。IPアドレスの範囲に対してデバイスへのアクセスを与える場合は、種別で範囲を選択します。
IPアドレス もしくは 開始アドレス、終了アドレス にIPアドレスを入力します。
保存します。
複数の(非連続の)IPアドレスの場合には、上記を繰り返し複数のアドレスオブジェクトを作成し、アドレスグループタブで一つのグループを作成します。

アクセスルールの編集

ポリシー｜ルールとポリシー > アクセスルール に移動します。
ドロップダウンボックスをクリックし LAN から LAN をクリックします。
ここに2つの自動作成された管理ルールが表示されます。
両方のルールを編集し、送信元 の アドレス を上で作成したアドレスオブジェクトもしくはアドレスグループ（複数のアドレスオブジェクトの場合）にします。

SonicOS 6.5

Admin access from the LAN

Navigate to Manage | Network | Interfaces.
Edit the LAN interface by clicking on button.
Enable the HTTPS check box for Management.
Check the box Add rule to enable redirect from HTTP to HTTPS.

At this point, all the devices on the LAN zone should be able to get to the management page(login page) of the device. To restrict the management so that the device responds only to a particular IP or a Group of IP, an access rule is needed.

To create an access rule, we would need to create an address objects with the required IP addresses. To create an address object

Navigate to Manage | Policies | Objects | Address Objects.
Click Add.
Give a friendly name in the Name field.
Select the Zone as LAN or any zone from which you need to access the SonicWall.
Type needs to be set to Host if you need to give access to the management page for just one IP address or you can use the type as range if you need to give access to the device to a range of IP addresses.
Enter the IP address in the IP address field.

Once the Address objects are created

Navigate to Manage | Policies | Rules | Access Rules.
Click on Drop down boxes(radio button).
From LAN to LAN.
You will see two auto created management rules here.

Edit both the rules and select the required address object in the source field and click OK to save the settings.

At this point, only the Admin PC will be able to access the SonicWall's management page and login to the device.

Admin access from the WAN

Admin access from the WAN is needed only if you need remote access to the device. If you are not going to access the device from the outside world, it is recommended to disable the Management on the WAN interface. In this section, we will consider a scenario where you need access to the device only from your home. An address object needs to be created and the IP address will be the public IP address of your home network. You can find this using third party websites ipchicken.com or whatismyip.com.

Navigate to Manage | Network | Interfaces.
Edit the WAN interface by clicking on button.
Enable the HTTPS check box for management. Once you enable HTTP checkbox, you will get a warning, Please read and click OK to continue.

Check the box Add rule to enable redirect from HTTP to HTTPS.
Click OK .

At this point, any device on the WAN zone should be able to get to the management page(login page) of the device. To restrict the management so that the device responds only to a particular IP or a Group of IP, an access rule is needed from zone WAN to WAN.

Navigate to Manage | Policies | Rules | Access Rules.
Click on Drop down boxes(radio button).
From WAN to WAN.
You will see two auto created management rules here as well.
Edit both the rules and select the required address object in the source field and click OK to save the settings.

At this point, only the Home PC will be able to access the SonicWall's management page and login to the device.

SonicOS 6.2 もしくはより古いバージョン

Admin access from the LAN

Navigate to Network | Interfaces.
Edit the LAN interface by clicking on button.
Enable the HTTPS check box for management..
Check the box Add rule to enable redirect from HTTP to HTTPS.

At this point, all the devices on the LAN zone should be able to get to the management page(login page) of the device. To restrict the management so that the device responds only to a particular IP or a Group of IP, an access rule is needed.

To create an access rule, we would need to create an address objects with the required IP addresses. To create an Address object,

Navigate to Network | Address object.
Click Add.
Give a friendly name in the Name field.
Select the zone as LAN or any zone from which you need to access the SonicWall.
Type needs to be set to Host if you need to give access to the management page for just one IP address or you can use the type as range if you need to give access to the device to a range of IP addresses.
Enter the IP address in the IP address field.

Once the Address objects are created

Navigate to Firewall | Access rules.
Click on Drop down boxes(radio button).
From LAN to LAN.
You will see two auto created management rules here.

Edit both the rules and select the required address object in the source field and click on OK to save the settings.

At this point, only the Admin PC will be able to access the SonicWall's management page and login to the device.

Admin access from the WAN:

Admin access from the WAN is needed only if you need remote access to the device. If you are not going to access the device from the outside world, it is recommended to disable the Management on the WAN interface. In this section, we will consider a scenario where you need access to the device only from your home. An address object needs to be created and the IP address will be the public IP address of your home network. You can find this using third party websites ipchicken.com or whatismyip.com

Navigate to Network | Interfaces.
Edit the WAN interface by clicking on button.
Enable the HTTPS check box for management. Once you enable HTTP checkbox, you will get a warning, Please read and click OK to continue.

Check the box Add rule to enable redirect from HTTP to HTTPS.
Click OK .

At this point, any device on the WAN zone should be able to get to the management page(login page) of the device. To restrict the management so that the device responds only to a particular IP or a Group of IP, an access rule is needed from zone WAN to WAN.

Navigate to Firewall | Access rules.
Click on Drop down boxes(radio button).
From WAN to WAN
You will see two auto created management rules here as well.
Edit both the rules and select the required address object in the source field and click on OK to save the settings.

At this point, only the home PC will be able to access the SonicWall's management page and login to the device.

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

デバイスへの管理者アクセスを制限する方法

Description

Resolution

SonicOS 7.xの場合

管理者アクセスを有効化

アドレスオブジェクトの作成

アクセスルールの編集

SonicOS 6.5

SonicOS 6.2 もしくはより古いバージョン

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch