How to keep your gateway safe from attackers with access to your LAN (ACL configuration)

It might happen. Perhaps it's a disgruntled employee, or a hacker who found a way through your firewall - if someone has access to your LAN, many of your systems may be at risk. By configuring the Gateway's Access Control List (ACL) you can limit a local hacker's ability to mess with your gateway.

Attention: before changing the ACL, we recommend that you create a backup of your device. If you fail to configure ACL rules properly, you can lose all access to your Gateway. If this occurs, you will need to do a hardware factory reset and restore the recent backup of your device.

Restrict LAN access to specific services

In your GUI, navigate to "ACL" under "Preferences"

In this table you can see the services that will still be available after you restrict access. Deselect "Allow all access from LAN" and click "Save"

To finish, click "activate" and access to the Gateway will be limited to the listed services.

Restricting port access to a single IP-Address

If you want to keep an additional service open and available to another system or computer in your network, you can create a rule to allow this. 

First, click "add"

In the next dialog, you can limit access to specific ports used by the gateway to a single IP-Address. In this case, I'm going to limit the Telnet port (used for various Gateway functions) so that it can only be accessed by a computer configured with a specific static IP address.

To do this, I will select Telnet. For the Access Control Rule, I entered a static IP-address outside of my DHCP range to ensure that only my computer can access this port.

Attention: your static IP-address will be different than what I entered here. 

Click "Save" and you will see a new entry in the ACL table. Click "Activate" to apply the new rule.


Next, deselect "Allow all access from LAN" and click "Save"

To finish, click "activate" and access to the Gateway will be limited to the IP-Address you specified.
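To confirm that the rule behaves as intended, you can run a check like the one below from the allowed computer and again from another machine on the LAN. This is an added example, not beroNet code: the function names, the sample addresses and the assumption that Telnet listens on the standard TCP port 23 are illustrative.

```python
import ipaddress
import socket
import sys


def outside_dhcp_pool(static_ip, subnet, pool_start, pool_end):
    """True if static_ip is a usable host in subnet and not in the DHCP pool."""
    ip = ipaddress.ip_address(static_ip)
    net = ipaddress.ip_network(subnet)
    if ip not in net or ip in (net.network_address, net.broadcast_address):
        return False
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    return not (lo <= ip <= hi)


def port_reachable(host, port, timeout=2.0):
    """True if a TCP connection succeeds; refused or timed out counts as blocked."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def verify_acl(host, expected, probe=port_reachable):
    """Return (port, expected, actual) for every port whose state is not as expected."""
    mismatches = []
    for port, want in sorted(expected.items()):
        got = probe(host, port)
        if got != want:
            mismatches.append((port, want, got))
    return mismatches


if __name__ == "__main__":
    # Constructed sample values: replace with your own LAN and DHCP pool.
    assert outside_dhcp_pool("192.168.1.10", "192.168.1.0/24",
                             "192.168.1.100", "192.168.1.200")
    gateway = sys.argv[1]                # gateway address, passed as first argument
    allowed = sys.argv[2] == "allowed"   # is this the machine named in the ACL rule?
    problems = verify_acl(gateway, {23: allowed})  # 23 = standard Telnet port (assumption)
    for port, want, got in problems:
        print(f"port {port}: expected reachable={want}, got reachable={got}")
    sys.exit(1 if problems else 0)
```

Pass the gateway address and the word "allowed" on the permitted computer, or any other word on a different machine; an exit code of 0 means the Telnet port behaved as the rule says it should.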

If you need scheduled remote assistance, you can request our on-demand support services: https://www.beronet.com/support