When configuring a profile for Edge access, select the appropriate option for Support access, Console access, USB port access, SNMP access, and Local Web UI access under Firewall settings to make the Edge more secure. This prevents malicious users from accessing the Edge. By default, Support access, Console access, SNMP access, and Local Web UI access are deactivated for security reasons.
To configure Edge access for profiles, perform the following steps:
Procedure
- From the SD-WAN Orchestrator, go to Configure > Profiles > Firewall. The Firewall page appears.
- In the Edge Access area, you can configure device access using the following options:
| Field | Description |
|---|---|
| Support Access | Select Allow the following IPs if you want to explicitly specify the IP addresses from where you can SSH into this Edge. You can enter both IPv4 and IPv6 addresses separated by comma (,). By default, Deny All is selected. |
| Console Access | Select Allow to enable Edge access through Physical Console (Serial Port or Video Graphics Array (VGA) Port). By default, Deny is selected and Console login is deactivated after Edge activation. Note: Whenever the console access setting is changed from Allow to Deny or vice-versa, the Edge must be rebooted manually. |
| USB Port Access | Select Allow to enable and select Deny to deactivate the USB port access on Edges. This option is available only for Edge models 510 and 6x0. Note: Whenever the USB port access setting is changed from Allow to Deny or vice-versa, you must reboot the Edge manually if you have access to the Edge. If the Edge is at a remote site, restart the Edge using SD-WAN Orchestrator. For instructions, refer to Remote Actions. |
| SNMP Access | Allows Edge access from routed interfaces/WAN through SNMP. Select one of the following options: Deny All (by default, SNMP access is deactivated for all devices connected to an Edge); Allow All LAN (allows SNMP access for all devices connected to the Edge through a LAN network); Allow the following IPs (allows you to explicitly specify the IP addresses from where you can access the Edge through SNMP; the IP addresses must be separated by comma (,)). |
| Local Web UI Access | Allows Edge access from routed interfaces/WAN through a Local Web UI. Select one of the following options: Deny All (by default, Local Web UI access is deactivated for all devices connected to an Edge); Allow All LAN (allows Local Web UI access for all devices connected to the Edge through a LAN network); Allow the following IPs (allows you to explicitly specify the IP addresses from where you can access the Edge through Local Web UI; the IP addresses must be separated by comma (,)). |
| Local Web UI Port Number | Enter the port number of the local Web UI from where you can access the Edge. |
- Click Save Changes.
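One way to check a comma-separated address list before entering it under Allow the following IPs for Support, SNMP, or Local Web UI access. This is an added example, not VMware code; the function names, the sample list, and the rule that only single addresses (no CIDR ranges or hostnames) are accepted are assumptions, since the page mentions only IP addresses.

```python
import ipaddress

# Constructed sample of what an operator might intend to paste into the field.
SAMPLE = ("10.20.30.40, 2001:db8::10, 10.20.30.0/24, 0.0.0.0, "
          "10.20.30.40, 198.51.100.7,, 2001:DB8:0:0:0:0:0:10")


def check_allowlist(field_value):
    """Split a comma-separated allowlist and vet each entry.

    Returns (accepted, problems): accepted is a list of normalized address
    strings; problems is a list of (entry, reason) pairs to fix first.
    """
    accepted, problems, seen = [], [], set()
    for raw in field_value.split(","):
        entry = raw.strip()
        if not entry:
            problems.append((entry, "empty entry (stray comma)"))
            continue
        try:
            # Assumption: one address per entry, so ranges and names fail here.
            addr = ipaddress.ip_address(entry)
        except ValueError:
            problems.append((entry, "not a single IPv4/IPv6 address"))
            continue
        if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            problems.append((entry, "not a usable management source address"))
            continue
        if addr in seen:
            # Catches the same IPv6 address written in two different forms.
            problems.append((entry, "duplicate"))
            continue
        seen.add(addr)
        accepted.append(str(addr))
    return accepted, problems


def to_field(accepted):
    """Render vetted addresses in the comma-separated form the field expects."""
    return ",".join(accepted)


if __name__ == "__main__":
    ok, bad = check_allowlist(SAMPLE)
    print("paste:", to_field(ok))
    for entry, reason in bad:
        print(f"fix:   {entry!r}: {reason}")
```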
What to do next
If you want to override the Edge access settings for a specific Edge, use the Enable Edge Override option available on the Edge Firewall page. For related information, see Configure Firewall for Edges.