Reset Search
 

 

Article

KB44589 - How to restrict administrator web interface from Internet?

« Go Back

Information

 
Last Modified Date9/15/2020 6:13 PM
Synopsis

How to restrict administrator web interface from Internet?

This article describes an issue where administrator web interface is available on the internet when Pulse Connect Secure is setup as one-arm topology.
Problem or Goal
When the Pulse Connect Secure appliance is configured with one-arm topology, by default PCS allow/ enable administrators to sign in on the Internal Port. Customers cannot disable the access from the Internal Port, if only Internal Port is configured on the Pulse Secure Appliance.
Cause
Solution
Pulse Secure strongly recommends the following if PCS is configured with only one-arm topology.
  • To enable the Source IP Based Restrictions for the Administrator Realm, navigate to  Administrator > Admin Realms > Admin Users > Authentication Policy > Source I
  • Enable 2FA for the administrator sign-in URL.
  • Customers can configure the Management Port to allow administrators to sign in and disable administrators to sign in on the Internal Port. To disable/enable administrator access, navigate to  Administrator > Admin Realms > Admin Users > Authentication Policy > Administrator sign in ports.         
Note: If the internal and external port are configured on the Pulse Connect Secure appliance, please make sure administrator access is disabled from External Port. This setting can be verified under Authentication Policy of Administrator Realms.
Navigate to  Administrator > Admin Realms > Select Realm > Authentication Policy > Administrator sign in ports
Related Links
Attachment 1 
Created BySahil Mahajan

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255