pfsense:vlan_virtual_lan:deny_access_by_vlan_clients_to_the_pfsense_web_gui
Table of Contents
PFSense - VLAN (Virtual LAN) - Deny Access by VLAN Clients to the pfSense Web GUI
To prevent clients on a specific VLAN from even seeing the pfSense web GUI.
Add an Alias for the pfSense GUI
Navigate to Firewall –> Aliases.
- Click on the green Add
- Name: pfSenseGUI
- Description: Disable Access to pfSense GUI
- Type: Hosts(s)
- IP or FQDN: Enter the IP of the actual pfSense. Example, 192.168.1.1.
Firewall Rules
Navigate to Firewall –> Rules.
- Select Floating:
- Click on a green Add button.
- Action: Block.
- Quick: Checked.
- Interface: Select the VLAN(s) to be denied access.
- Direction: in.
- Address family: IPv4.
- Protocol: TCP\UDP.
- Source:
- Invert Match: Not Checked.
- Source: any
- Destination:
- Invert Match: Not Checked.
- Destination:
- Single host or alias
- Destination Address: pfSenseGUI.
- Destination Port Range:
- From: HTTPS (443). If pfSense is set to HTTP this needs to be HTTP (80).
- To: HTTPS (443). If pfSense is set to HTTP this needs to be HTTP (80).
- Description: VLAN 20 – no access to pfSense GUI
- Click Save.
- Click Apply Changes at the top.
NOTE: Navigate to System–>Advanced to see whether the actual pfSense GUI is set to run on either HTTP or HTTPS.
To ensure that access is denied against both HTTP and HTTPS, setup a similar firewall rule for both.
pfsense/vlan_virtual_lan/deny_access_by_vlan_clients_to_the_pfsense_web_gui.txt · Last modified: 2021/02/16 13:53 by peter