Management Access Control

Administration > Management Console > Management Access Control

An administrator can set the access control list (ACL) to restrict access to the management console (such as the Web console, CLI, and PING requests) or to a specific IP address or IP address range.

ACL supports both IPv4 and IPv6 addresses. You can configure a rule with a single address, an address range, or a network mask.

Use the Management Access Control page to specify the clients you want to allow access to the IWSVA management console (such as the Web console, CLI, and PING requests). Clients with IP addresses not specified or not in the specified range will not be allowed to manage the IWSVA. You can specify up to 20 IP addresses or IP address ranges.

• Note: Add the IP addresses of the central managers to which IWSVA registers (such as Trend Micro Control Manager) to the access list to allow them to function properly and access the necessary data from IWSVA.

The management ACL, disabled by default, allows any user to access IWSVA. Administrators can add one or multiple IP addresses to the management ACL. Any IP address added to the management ACL can also be deleted individually. If the list is enabled, the administrator can only connect to the IWSVA management console from an IP address displayed on the allowed IP address list.

Before setting up the ACL for the management interface, you must configure your deployment mode to use a separate  management interface.

To enable and configure the access control list for the management interface:

1. Go to Administration > Management Console > Management Access Control.

2. Select one of the following radio button:

3. IP address - to add a single IP address to the management ACL

4. IP range - to add a range of IP addresses to the management ACL

5. IP range netmask - to add all the IP address covered by a network segment to the management ACL

6. Note: No more than 20 entries can be added to the management ACL.

3. Click Add to add your entry to the allowed list.

4. Check the Enable Administrative Access Based on Client IP check box.

5. Note: At least one IP address must be added to the management ACL before enabling this feature. Only users from the allowed IP address list can access the management console. Make sure you also include the IP address of the computer you are using to access the IWSVA Web console.

5. Click Save.

6. To delete an entry, click the Delete icon on the row of the entry to be deleted and confirm the deletion by clicking OK.