The Firebox configuration includes the WatchGuard Web UI policy. This policy controls which Firebox interfaces can connect to Fireware Web UI. By default, this policy only allows connections from Any-Trusted and Any-Optional networks.
If you want to allow access to the Web UI from the external network, you could edit the WatchGuard Web UI policy to allow connections from the IP address of the external computer you want to connect to Fireware Web UI.
Do not allow connections to the Web UI management interface from the Any-External alias or other aliases that expose the Web UI to the Internet.
Rather than modify the WatchGuard policy, we strongly recommend that you use a VPN to connect to the Firebox. This greatly increases the security of the connection. If this is not possible, we recommend that you allow access from the external network to only certain authorized users and to the smallest number of computers possible. For example, your configuration is more secure if you allow connections from a single computer instead of from the alias Any-External.
In Fireware Web UI:
- Select Firewall > Firewall Policies.
- Double-click the WatchGuard Web UI policy to edit it.
- Select the Policy tab.
- In the From section, click Add.
- To add the IP address of the external computer that connects to the Firebox, from the Member type drop-down list, select Host IP, and click OK. Type the IP address.
- To give access to an authorized user, from the Member Type drop-down list, select Alias. For information about how to create an alias, see Create an Alias.
- Click OK.
- Click Save.