Security issues for RV50 / ALEOS - Remote Access and IP Trusted Inbound


#1

My questions are:

  1. How do I disable remote admin access to the RV50 from all but a selected list of subnets?
  2. How do I disable remote HTTP access while enabling remote HTTPS access from the selected list of subnets?

We have a number of RV50 cell routers where we create a single IPSEC VPN tunnel
to the router, and all remote access with devices on the LAN is originated over the VPN tunnel.
We use this IPSEC tunnel to route traffic between the private IP network on the RV50 LAN to
a private IP network at our data center over the public IP and cell network.

  1. For administrative purposes, we configure
    Security -> ACEmanager -> Remote Access as “HTTPS only”.
    However, we can still connect to the router over the cell network (WAN) via HTTP as well
    as HTTPS. How can we fully disable remote HTTP access?

  2. For security purposes, we want to enable remote access to the RV50 over the cell network (WAN)
    from all but a limited number of hosts/subnets. We used the configuration section
    Security -> Trusted IPs - Inbound (Friends)
    to add several public IP subnets that we want to have access to the RV50 router admin interfaces,
    and enabled the use of Inbound Trusted IP (Friends List) Mode, and rebooted the router.
    However, this did NOT disable HTTP, HTTPS, or SSH access to the router from IP hosts NOT on
    the listed subnets. It did, however, stop the forwarding of packets received over the single IP
    tunnel from IP addresses not in the “Trusted IP” list.

Any insight is appreciated. Thanks.