Tutorial: How to Isolate Access Server's Web Services
This tutorial shows a narrow use case in which you isolate Access Server's web services so they are no longer accessible over the internet.
Overview
This tutorial shows you how to turn off access to the Admin and Client Web UIs.
Caution
If you turn off access to Access Server's web services, you won't be able to manage Access Server with the Admin Web UI anymore. You must rely on the command-line interface (CLI) to manage settings, users, certificates, and distributing connection profiles.
OpenVPN Connect may also require Access Server's web services to use the secure XML-RPC to make an SSL connection.
An installed Access Server.
Sign in to the Admin Web UI.
Click Configuration > Network Settings.
Under Web Service forwarding settings, set the admin and client web servers to No.
Set the Admin Web UI Interface and IP Address to the localhost.
Note
After making this change and saving, you won't be able to access the Admin Web UI anymore.
Now you can set your firewall to only allow ports TCP 443 and UDP 1194, the default OpenVPN daemons ports.
Access Server should still be able to make OpenVPN tunnel connections, but the web interfaces are not reachable.
Important
If you use server-locked profiles for any user accounts, they won't be able to connect anymore. You must use user-locked or auto-login profiles.