# Admin Console Firewall

This feature is only available with Hermes SEG Pro License.

The Admin Console Firewall allows you to specify IP Address(es) that will be allowed access to the **Hermes Admin Console (/admin/** and the **Ciphermail Admin Console (/ciphermail/).** The Firewall does NOT affect the User Console (/users/). By default, all IP Addresses are allowed access to the Admin and the Ciphermail Admin consoles. For best security, it's recommended that you enable the Admin Console Firewall to restrict access only to specified IP addresses. **Note:** In order to prevent a lockout of the Administration Console, the system will not allow you to enable the Administration Console Firewall unless the IP address that you are accessing the the Administration Console from is in the list of Allowed IP Addresses. Additionally, it will not allow you to Delete the IP address you are accessing the Administration Console from from the list of Allowed IP Addresses. - Before the system will allow you to enable the firewall, you must first add the IP Address that you are accessing the Admin Console from, which can be found on the top right corner of the by hovering over the[![image-1643039940957.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1643039940957.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1643039940957.png)icon (**Figure 1**): **Figure 1** [![image-1643039855923.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1643039855923.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1643039855923.png) - Click on the **Add IP Address** button and in the resultant window enter your IP address and set the **Allow to Hermes Admin** and optionally **Allow to Ciphermail Admin** drop-downs to **YES**, enter a note in the **Note** field for your own use and click the **Submit** button (**Figure 2**): **Figure 2** [![image-1643040850454.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1643040850454.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1643040850454.png) - Repeat the procedure to add any additional IPs as necessary. - As you add each IP address, they will show up under the **Allowed IP Addresses** section (**Figure 3**): **Figure 3** [![image-1643040227272.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1643040227272.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1643040227272.png) - Once you are finished adding IP address(es), set the **Firewall Status** drop-down to **Enabled** and click the **Submit** button (**Figure 4**): **Figure 4** [![image-1643040335743.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1643040335743.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1643040335743.png) Click the **Apply Settings** button to apply the changes to the firewall (**Figure 5**): **Figure 5** [![image-1643040501619.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1643040501619.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1643040501619.png) - Test your firewall by attempting to access the **Admin Console** at **https://<ipaddress>/admin/** where **<ipaddress>** is the IP address or the hostname of your Hermes SEG from an IP Address that you did **NOT** allow in Admin Console Firewall. You should a **403 Forbidden** message (**Figure 5**) **Figure 5** [![image-1643040669051.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1643040669051.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1643040669051.png)