Cisco Cisco Email Security Appliance C170 Guía Del Usuario
32-23
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 32 Distributing Administrative Tasks
Configuring Access to the Email Security Appliance
Note
AsyncOS supports only IPv4 addresses in the
x-forwarded-for
header.
Important Precautions When Restricting Network Access
Caution! You may lose access to the appliance after submitting and committing network access changes
if one of the following conditions is true:
if one of the following conditions is true:
•
If you select Only Allow Specific Connections and do not include the IP address of your current
machine in the list.
machine in the list.
•
If you select Only Allow Specific Connections Through Proxy and the IP address of the proxy
currently connected to the appliance is not in the proxy list and the value of the Origin IP header is
not in the list of allowed IP addresses.
currently connected to the appliance is not in the proxy list and the value of the Origin IP header is
not in the list of allowed IP addresses.
•
If you select Only Allow Specific Connections Directly or Through Proxy and
–
the value of the Origin IP header is not in the list of allowed IP addresses
OR
–
the value of the Origin IP header is not in the list of allowed IP Addresses and the IP address of
the proxy connected to the appliance is not in the list of allowed proxies.
the proxy connected to the appliance is not in the list of allowed proxies.
Creating the Access List
You can create the network access list either via the GUI or the
adminaccessconfig > ipaccess
CLI
command.
Before You Begin
Ensure that you will not lock yourself out of the appliance after changing network access settings. See
Procedure
Step 1
Select System Administration > Network Access.
Step 2
Click Edit Settings.
Step 3
Select the mode of control for the access list:
Option Description
Allow All
This mode allows all connections to the appliance.
This is the default mode of operation.
Only Allow Specific Connections
This mode allows a user to connection to the appliance if the
user’s IP address matches the IP addresses, IP ranges, or CIDR
ranges included in the access list.
user’s IP address matches the IP addresses, IP ranges, or CIDR
ranges included in the access list.