Admin Console Firewall
This feature is only available with Hermes SEG Pro License.
The Admin Console Firewall allows you to specify IP Address(es) that will be allowed access to the Hermes Admin Console (/admin/ and the Ciphermail Admin Console (/ciphermail/). The Firewall does NOT affect the User Console (/users/). By default, all IP Addresses are allowed access to the Admin and the Ciphermail Admin consoles.
For best security, it's recommended that you enable the AdministrationAdmin Console Firewall to restrict access only to specified IP addresses.
Note: In order to prevent a lockout of the Administration Console, the system will not allow you to enable the Administration Console Firewall unless the IP address that you are accessing the the Administration Console from is in the list of Allowed IP Addresses. Additionally, it will not allow you to Delete the IP address you are accessing the Administration Console from from the list of Allowed IP Addresses.
- Before the system will allow you to enable the firewall, you must first add the IP Address that you are accessing the Admin Console from, which can be found on the top right corner of the by hovering over theicon (Figure 1):
Figure 1
- Click on the Add IP Address button and in the resultant window enter your IP address and set the Allow to Hermes Admin and optionally Allow to Ciphermail Admin drop-downs to YES, enter a note in the Note field for your own use and click the Submit button (Figure 2):
Figure 2
- Repeat the procedure to add any additional IPs as necessary.
- As you add each IP address, they will show up under the Allowed IP Addresses section (Figure 3):
Figure 3
- Once you are finished adding IP address(es), set the Firewall Status drop-down to Enabled and click the Submit button (Figure 4):
Figure 4
Click the Apply Settings button to apply the changes to the firewall (Figure 5):
Figure 5
- Test your firewall by attempting to access the Admin Console at https://<ipaddress>/admin/ where <ipaddress> is the IP address or the hostname of your Hermes SEG from an IP Address that you did NOT allow in Admin Console Firewall. You should a 403 Forbidden message (Figure 5)
Figure 5