With that said, I think that this process should be easier. It seems to me, just like in Check Point, that you should just be able to go to one place, type in the new port number, and go with it. Maybe in a future release.
1. Configure a loopback interface on the firewall and assign an interface Management Profile permitting the desired type of access.
Note: The management profile permitting access only needs to be on the loopback interface, not on the Untrust interface. Leaving it off the Untrust interface is what keeps the default management ports closed on the outside address.
2. Configure custom services for the non-default ports that will be used to reach the firewall. In this example, TCP/7777 is chosen for HTTPS and TCP/7778 for SSH access; choose your own ports.
3. Configure individual destination NAT policies that translate the custom ports to the default management ports (TCP/443 and TCP/22) on the loopback address.
4. Configure a security policy allowing the inbound access to the Untrust interface address. Because security policy is evaluated with pre-NAT addresses but post-NAT zones, the destination address is the Untrust address while the destination zone is the zone of the loopback interface. Optionally, restrict this policy to the specific custom ports and to the source addresses that should have management access.
5. Commit the changes.
6. Test access to the unit on the new ports, and confirm that the default ports are still unreachable on the Untrust address.
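The same procedure expressed as PAN-OS configuration-mode "set" commands, as an added example that is not part of the original post. All names and addresses are assumptions: the zone and object names TRUST-L3, Untrust-L3 and Untrust_interface follow the screenshots discussed in the comments, the Untrust address 198.51.100.1, the admin network 203.0.113.0/24, the loopback address 10.255.255.1 and the object names Mgmt-Loopback, Admin-Hosts, HTTPS-7777, SSH-7778, DNAT-Mgmt-HTTPS, DNAT-Mgmt-SSH and Allow-Mgmt-Inbound are made up for illustration. A single-vsys firewall with a virtual router named default is assumed; lines starting with "#" are annotations, not commands.

```text
# Added example (not from the original post). Assumed names and addresses.

# Step 1: management profile permitting HTTPS and SSH, restricted to the
# admin network (assumed 203.0.113.0/24), bound to a loopback in zone TRUST-L3.
# No profile is assigned to the Untrust interface, so 443/22 stay closed there.
set network profiles interface-management-profile Mgmt-Loopback https yes
set network profiles interface-management-profile Mgmt-Loopback ssh yes
set network profiles interface-management-profile Mgmt-Loopback permitted-ip 203.0.113.0/24
set network interface loopback units loopback.1 ip 10.255.255.1/32
set network interface loopback units loopback.1 interface-management-profile Mgmt-Loopback
set zone TRUST-L3 network layer3 loopback.1
set network virtual-router default interface loopback.1

# Address objects. Untrust_interface is the single public address of the
# Untrust interface as a /32, not the interface's subnet (assumed 198.51.100.1).
set address Untrust_interface ip-netmask 198.51.100.1/32
set address Admin-Hosts ip-netmask 203.0.113.0/24

# Step 2: custom services for the non-default listening ports.
set service HTTPS-7777 protocol tcp port 7777
set service SSH-7778 protocol tcp port 7778

# Step 3: destination NAT. NAT rules match on pre-NAT zones, so both "from"
# and "to" are Untrust-L3; the packet is redirected to the loopback address
# on the default management ports 443 and 22.
set rulebase nat rules DNAT-Mgmt-HTTPS from Untrust-L3 to Untrust-L3 source any destination Untrust_interface service HTTPS-7777 destination-translation translated-address 10.255.255.1 translated-port 443
set rulebase nat rules DNAT-Mgmt-SSH from Untrust-L3 to Untrust-L3 source any destination Untrust_interface service SSH-7778 destination-translation translated-address 10.255.255.1 translated-port 22

# Step 4: security policy. Destination zone is the post-NAT zone (TRUST-L3,
# where the loopback lives); destination address is the pre-NAT Untrust address.
# Source is limited to the admin hosts and service to the custom ports only.
set rulebase security rules Allow-Mgmt-Inbound from Untrust-L3 to TRUST-L3 source Admin-Hosts destination Untrust_interface application any service [ HTTPS-7777 SSH-7778 ] action allow
set rulebase security rules Allow-Mgmt-Inbound log-end yes

# Step 5: commit.
commit

# Step 6: verify from an admin host (assumed addresses). Only 7777 and 7778
# should answer on 198.51.100.1; 443 and 22 on that address should stay closed.
#   ssh -p 7778 admin@198.51.100.1
#   curl -k https://198.51.100.1:7777/
```

Two things are worth checking before committing: the loopback address must not overlap an existing route in the virtual router, and the chosen ports must not already be in use by a GlobalProtect portal or other service on the Untrust address. Restricting both the management profile (permitted-ip) and the security rule (source) to the admin network means an attacker who scans the outside address from elsewhere gets no response on the custom ports either.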
Hi, thanks for this. Can you elaborate on some of the steps? Creating the loopback interface, it looks like there is a new zone, TRUST-L3. Creating the NAT, it looks like there is another new zone, Untrust-L3, and the object "Untrust_interface"... is the value of that x.x.x.x, or with CIDR, x.x.x.x/26 for example?