UMC only from LAN

Hi @all,

For various apps (OX, Nextcloud, etc.), I have allowed access over HTTPS to the different UCS systems through pfSense. This works. However, it also allows access to the UMC. Is there a way to prevent this?

with best
sven

What you are saying is that you would like to prevent access to the UMC through a VPN tunnel, correct?
Well, the UMC is listening on port 80 if not changed. Just add a FW rule to prevent VPN users from reaching port 80 on your UCS system. The AD DC services are listening on other ports, so this should still work.
Or the other way around: add a FW rule to prevent anyone from the VPN tunnel from accessing your UCS server, except for the service ports you are using.

I would suggest using a reverse proxy that only grants access to the applications.

Hi @pixel

I also pondered if it would be possible to specify where the UMC is available.

Our DC is connected to a few VLANs providing different services, but this allows access to the UMC from each of the networks. I can probably filter this somewhere on the network, but would much prefer to find a UCR switch to limit access to the UMC.
Allowing the UMC only from the 10.0.0.x network would be great if it could be achieved from the UCR config.
