Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 57
  1. #21
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,762

    Default

    Quote Originally Posted by stubannon View Post
    Then, as per Timur's instructions, I rebooted the appliance and when it came back on, my NGFW is still not connecting in the Command Center.

    Any advice would be greatly appreciated.
    Please DM me your UID.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  2. #22
    Newbie
    Join Date
    Aug 2022
    Location
    Dublin, Ireland
    Posts
    3

    Default

    Quote Originally Posted by jcoffin View Post
    Please DM me your UID.
    DM'd there. Thanks.

  3. #23
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,762

    Default

    Quote Originally Posted by stubannon View Post
    DM'd there. Thanks.
    Thanks for the UID. I don't see it connected as you saw. Can you check the date of /usr/bin/pyconnector ?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #24
    Newbie
    Join Date
    Aug 2022
    Location
    Dublin, Ireland
    Posts
    3

    Default

    Quote Originally Posted by jcoffin View Post
    Thanks for the UID. I don't see it connected as you saw. Can you check the date of /usr/bin/pyconnector ?
    No problem at all and thanks for getting back to me so quickly, again! I appreciate that.

    Sent you another DM just now with details and a question, just to be on the safe side.

  5. #25
    Master Untangler
    Join Date
    Mar 2021
    Posts
    164

    Default

    So this one site I NEED to get in that I just deployed last Friday... I do have Wireguard VPN access to all the subnets (including the main subnet NGFW is on 10.1.1.1) but I have webadmin GUI locked down to only accessible from 10.1.1.1.... So when I remote in via Wireguard, even though I have all the subnets exported/available to wireguard.... I get the HTTP administration is disabled message I assume because the IP address of my Wireguard session is 172.16.7.5/32.....??

    Any other way to fix this if I can Wireguard into the network without physically going there??

  6. #26
    That Which Lurks Below
    Join Date
    Jul 2018
    Posts
    143

    Default

    Quote Originally Posted by defcomllc View Post
    I get the HTTP administration is disabled message I assume because the IP address of my Wireguard session is 172.16.7.5/32.....??
    Any other way to fix this if I can Wireguard into the network without physically going there??
    You've probably got the 'HTTP administration allowed' option disabled, which means you can only connect to it via HTTPS. Assuming you've allowed HTTPS access to the GUI, you may be able to just change the address bar to https://

    It's also possible you've set up a restricted admin subnet which excludes your WireGuard IP address pool. In that case, there's no solution without access to the GUI: the only IPs allowed to access the admin GUI are the specified ones.
    Græme Ravenscroft • Technical Marketing Engineer
    ('gram', like the unit of measurement)
    he/him
    Please don't reboot your NGFW.
    How can we make Arista ETM products better?

  7. #27
    Master Untangler
    Join Date
    Mar 2021
    Posts
    164

    Default

    Quote Originally Posted by gravenscroft View Post
    It's also possible you've set up a restricted admin subnet which excludes your WireGuard IP address pool. In that case, there's no solution without access to the GUI: the only IPs allowed to access the admin GUI are the specified ones.
    This is exactly what I have.... I have restricted admin webgui access to 10.1.1.0/24 which is my MGMT subnet that the NGFW sits on.... But, I have NOT added the Wireguard IP address pool, which is exactly my thoughts on why I cannot access the GUI.

    This may be a question for another thread... But I didnt want to give the Wireguard IP address pool access to webadmin gui because Ill be giving wireguard to certain people in the building and dont want them to have access.

    What would be your suggested setup to allow me/admin Wireguard access to the webadmin gui but other Wireguard users restricted from being able to load or access the webadmin gui??

    Different IP subnets for different Wireguard users???

  8. #28
    Master Untangler
    Join Date
    Mar 2021
    Posts
    164

    Default

    Im going onsite tomorrow morning. I need to get in. Good thing this client is only 10min from the office... Suggested setup with Wireguard admin gui restricted to just my login would be great.

  9. #29
    That Which Lurks Below
    Join Date
    Jul 2018
    Posts
    143

    Default

    Quote Originally Posted by defcomllc View Post
    This is exactly what I have.... I have restricted admin webgui access to 10.1.1.0/24 which is my MGMT subnet that the NGFW sits on.... But, I have NOT added the Wireguard IP address pool, which is exactly my thoughts on why I cannot access the GUI.
    Yup, that's exactly it. Unfortunately, you can't change that setting without access to the GUI.

    Quote Originally Posted by defcomllc View Post
    What would be your suggested setup to allow me/admin Wireguard access to the webadmin gui but other Wireguard users restricted from being able to load or access the webadmin gui??
    We're definitely getting a little far off-topic here, but the short answer would be to add your client's IP address to the allowed management subnets. Your client always gets the same IP address when connected to WG, so you can just stick 172.16.7.5/32 in that 'allowed subnets' field to give only your specific WG client access.
    defcomllc and dashpuppy like this.
    Græme Ravenscroft • Technical Marketing Engineer
    ('gram', like the unit of measurement)
    he/him
    Please don't reboot your NGFW.
    How can we make Arista ETM products better?

  10. #30
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,762

    Default

    Quote Originally Posted by defcomllc View Post
    Im going onsite tomorrow morning. I need to get in. Good thing this client is only 10min from the office... Suggested setup with Wireguard admin gui restricted to just my login would be great.
    Frankly, restricting access to the GUI by IP address on the LAN is not worth it unless you are see many failed attempts to login. I do recommend not having GUI access on WAN which is the default setting.
    dashpuppy likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 3 of 6 FirstFirst 12345 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2