DotW: WebGUI Access on External Public IP

DotW: WebGUI Access on External Public IP

72116
Created On 09/25/18 19:03 PM - Last Modified 06/09/23 07:40 AM


Resolution


This week's Discussion of the Week (DotW) focuses on "GUI Access on Public IP."

2016-06-28_dotw0.png

 

This is a question that comes up from time to time, but this time user "BPry" posted this question on the the Live Community Discussion forum:

 

https://live.paloaltonetworks.com/t5/General-Topics/GUI-Access-on-Public-IP/m-p/92102#U92102

 

In this discussion, BPry wanted to open the WebGUI to the internet via the external public IP, but he wanted to limit this access to only one IP address.


This is a simple thing to do, but can be confusing. Please allow me to explain the steps to accomplish this.

 

  1. Configure the Palo Alto Networks device for remote management.
    Configure a new Interface Management profile. Go to Network > Network Profiles > Interface Mgmt. Click "Add" in the lower left corner, give the interface a name. I used Remote_management. Under Permitted Services, I select HTTPS to enable HTTPS WebGUI access.

    Note: Please notice that I only allowed HTTPS access. I did not select Ping for the Permitted Services, so, if you want the interface to respond to pings, then you will want to select any of the other services required for the external interface. 


    2016-06-28_dotw1.pngInterface management window showing the options.
    2016-06-28_dotw1.pngInterface management window showing the options.
  2. Limit access to the WebGUI.
    Click "Add" again, then type in the Permitted IP Addresses, in my case, 99.88.77.66, then click OK.
     
  3. Apply the Interface Management to the external facing interface.
    Go to Network > Interfaces > Ethernet, then click on the Interface name, for the external interface. I used ethernet1/3. Click the Advanced tab. Under the Other Info tab, next to Management Profile, use the dropdown to select Remote_management, then click OK. Commit the changes. 

2016-06-28_dotw2.pngInterface options showing management profile options.

When you do this properly, the external facing interface will now have WebGUI access and be limited to just the one IP address that you want.

 

I hope this helps you learn more about Palo Alto Networks devices. If so, give the article a thumbs up, please!

 

As always, we welcome all feedback and comments below.

 

Stay secure!

Joe Delio
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTkCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language