How to restrict access to the XenMobile Server Admin console

How to restrict access to the XenMobile Server Admin console

book

Article ID: CTX219287

calendar_today

Updated On:

Description

This will allow us to restrict the access and allow only specific IP addresses to reach the management portal of the XenMobile Server.

Instructions

To achieve the desired outcome we need to configure the firewall rules on XenMobile Server 10.x. This configuration method requires administrative access to XenMobile Server through the command line interface (CLI) console. 

Below are the steps to be followed:
  1. Login to the XenMobile command line interface (CLI) console using your Administrator credentials. (default username is admin).
  2. Once authenticated, enter choice 0 to go to the Configuration menu, then, enter choice 2 to modify the Firewall settings.
    • image.png
  3. Go to the Management HTTPS service configuration (port 4443), where we will be able to configure an allow access white list. Enter desired details as shown in the examples below. Be careful not to include any spaces after the comma delimiter:
    • Example 1, single IP address and one IP address range:
    • image.png
    • Example 2, one IP address range only:
    • image.png
    • Example 3, single IP and two IP address ranges:
    • image.png
  4. Once the allow access white listing has been done, go through the other firewall rules by typing Enter and at the end, the configuration will be automatically saved and applied. There is no need to restart the server.
    • ​​​​​​​image.png
If your XenMobile Server environment is configured in cluster mode, then make sure to repeat these same steps on each of the server nodes. This completes the initial setup of Firewall rule based access controls.


It is possible to modify an existing configuration as follows:

1. Find the existing settings through the CLI interface
  • image.png
  • In the example shown above, a single IP address and also one IP address range is allowed to connect, as seen between the square brackets [ ] for 'Access white list'. 
  • This configuration results in access being allowed for all hosts on the subnet:
  • image.png
2. Enter the new desired details:
  • In this example, the IP range entry is removed, allowing only a single IP to connect:
  • image.png
  • Now that the IP range is removed, the host no longer has access:
  • image.png
3. Additional edits can be made as needed:
  • image.png
  • image.png
  • image.png

To reset the firewall rules back to default settings (with no restrictions on the port), enter c to clear as shown below:
  • image.png
  • This will return the list to the default state of being blank (all IP addresses are allowed)
  • image.png

Issue/Introduction

This article explains how to restrict access to the XenMobile Admin console to specific IPs by adding rules to the XenMobile server firewall.
Powered by Wolken Software