Skip to content

KB002: Configure Administration Access Restriction from the Internet

Article ID: KB002

Last Updated: June 21, 2025

Applies To: HySecure Gateway 7.1 and above

Category: Security & Access Control

Overview

This guide explains how to control access to the HySecure Management Console from the Internet. Administrators can allow or block user access to the Management Console over the internet, improving security by restricting access to the local network only when required.

Prerequisites

  • HySecure Gateway 7.1 or higher
  • Security Officer or Administrator access to the HySecure Management Console

Procedure

Method 1: Restrict Administration Access for Local Users

For New Users:

  1. Access Management Console

    • Log in to the HySecure Management Console as a Security Officer or Administrator.

  2. Navigate to Local Users

    • Go to Users > Local Users.

    • Click Add to create a new user.

  3. Configure Internet Access

    • Configure user details as normal.

    • Uncheck the option Allow administration access from internet.

    • Complete the user creation process.

For Existing Users:

  1. Edit Existing User

    • Go to Users > Local Users.

    • Select the user to modify.

    • Click Edit.

  2. Modify Internet Access

    • Uncheck the Allow administration access from internet option.

    • Save changes.

Method 2: Restrict Administration Access for AD Users

For New Role Assignments:

  1. Access Admin Users

    • Log in to the HySecure Management Console as a Security Officer or Administrator.

  2. Navigate to Admin Users

    • Go to Users > Admin Users.

    • Click Add.

  3. Configure Role with Internet Restriction

    • Select desired role (Security Officer, Administrator, L1 Support User, or Monitor).

    • Select HySecure Domain and Authorization Server.

    • Uncheck the option Allow administration access from internet while assigning the role to the user.

    • Complete role assignment

For Existing Admin Users:

  1. Edit Existing Assignment

    • Go to Users > Admin Users.

    • Select an existing admin user.

    • Click Edit.

  2. Modify Internet Access

    • Uncheck the "Allow administration access from Internet" option.

    • Save changes.

Configuration Details

Available User Types

Local Users:

  • Native certificate-based users
  • Security Officer, Administrator, L1 Support, Monitor roles
  • Require security certificate installation

AD Users:

  • Active Directory users with assigned management roles
  • HTML5 browser access from any device
  • No certificate installation required

Internet Access Options

Enabled (Default):

  • The user can access the Management Console from the internet
  • No network location restrictions
  • Standard security applies

Disabled:

  • User restricted to local network access only
  • Internet-based access attempts will be blocked
  • Enhanced security for sensitive operations

Note

  • Default Behavior: Administration access over the internet is enabled by default for all users.
  • Security Recommendation: Disable Administration access over the internet for high-privilege accounts when possible.
  • Network Planning: Ensure local network access is available before disabling internet access.

Verification

After configuration:

  1. Test Local Network Access: Verify the user can access the console from the internal network.

  2. Test Internet Access: Confirm internet access is blocked (if disabled).

  3. Check User Permissions: Ensure other console functions work normally.

  4. Document Changes: Update user access documentation.

Troubleshooting

Common Issues:

User cannot access the Console:

  • Verify local network connectivity.

  • Check if the internet access restriction is appropriate.

  • Confirm the user account is active.

Internet Access Still Working:

  • Verify configuration was saved properly.

Local Network Access Issues:

  • Verify network routing and firewall rules.

  • Check the HySecure gateway network configuration.