Permitted IP Addresses

You can administer a security device from one or multiple addresses of a subnet. By default, any host on the trust interface can administer a security device. To restrict this ability to specific workstations, you must configure permitted IP addresses. However, be aware that by configuring a permitted IP address, you simultaneously block all the other hosts from administering the device. If you want more than one workstation to be able to administer the security device, you must add each workstation individually as a permitted IP addresses.

Note: Configuring a permitted IP address only restricts which workstation has administration rights to the security device and not who can administer it. Any administrator can log on to one of these workstations with their admin name and password and manage the device.

Note: The IP addresses you enter here are the addresses as perceived by the configured NAT device. If two or more hosts reside behind any NAT device that does many-to-one NAT, then it is only necessary to enter one public IP address, not the private IP addresses of individual hosts. To specify multiple host addresses, enter a single IP network address and its netmask.

To Add a Permitted IP Address

  1. In the IP Address/Netmask field:

To restrict administration to one address (one workstation), enter the specific IP address and 32 as the netmask.

or

To allow administration from multiple addresses in a subnet, enter the specific IP network address and its netmask.

Note: If you enter an invalid IP address and click Add, the setting reverts to the default IP address (0.0.0.0).

  1. To add an IPv6 address, enter the following details in the IPv6 Address/Netmask field:

To restrict administration to one address (one workstation), enter the specific IPv6 address and 128 as the netmask.

or

To allow administration from multiple addresses in a subnet, enter the specific IPv6 network address and its netmask.

  1. Click Add.

Configured Permitted IPs List

This table lists the IP addresses of the only workstations that can administer the security device.

To Remove a Permitted IP Address

  1. In the Configure column, click Remove for the permitted IP address you want to remove.

A system message prompts you to confirm the removal.

  1. Click OK to continue or Cancel to cancel the action.