cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Disabling WAN HTTP/HTTPS access

Disabling WAN HTTP/HTTPS access

ADTRAN recommends taking the following steps to properly secure an RG


  • Disable WAN HTTP/HTTPS access
  • Optional: Create an ACL to block incoming HTTP/HTTPS connections from outside your network

Disabling remote WAN access from the ACS


  1. Select Create a Bulk-Operation.
  2. Use these parameters as guidelines:
    1. Name: Provide a name to indicate the purpose of the bulk operation.
    2. Solicit Devices: Check.
    3. Solicit Attempts: Default is 1 but more attempts can be selected.
    4. Action: Select Disable WAN Access from the list of options.
      1. If it does not appear in the Actions list, then go to Administration -> Scripts -> Search and search for Disable WAN Access. Select it to make it usable in Bulk Operations.
      2. If it does not appear in Scripts, then the script will need to be created. Please see this doc on how to create the script.
    5. Run: Once
    6. Day of Week: Select the day/evening you plan to run this task.
    7. Run From: You can have this run all day to ensure all devices have their remote WAN access disabled.
    8. Filter Criteria: You can use the Available Columns list to search for the filter. It could be based on MAC address, label, firmware version, or the entire subscriber list.
    9. All other settings can remain at the defaults.
  3. Click Create.

Verifying the ACS Global Setting for WAN Access


The Access Control global parameter in MOSAIC Device Manager controls whether WAN HTTP/HTTPS access is on by default in deployed units. You can check this setting by going to Utilities -> JSON Editor and then setting the Edit Globals operation. Then search for AccessControl. WAN should be set to False. If it is not, ADTRAN recommends changing this option and then running a job to disable WAN side HTTP/HTTPS on all units.

ehudson1_0-1619706971524.png

 




Optional: Create an ACL to block HTTP/HTTPS traffic to your devices


While ADTRAN recommends disabling WAN HTTP/HTTPS access to SmartOS devices, if you require this functionality ADTRAN recommends doing one of the following:

  1. Add an ACL in your edge router to block HTTP/HTTPS access from outside of your network.
  2. Create an ACL on the SmartOS device to limit what source IP addresses can access the RG on those ports.
Version history
Revision #:
7 of 7
Last update:
‎04-29-2021 07:37 AM
Updated by:
 
Contributors