DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Allow WAN access to DrayTek management login page from one IP address

29 Jun 2023 19:20 #102602 by daveb-wist
Hi guys,

What is the correct method to restrict WAN management access to a DrayTek router/firewall to one IP address?

For example, say I have a DrayTek router/firewall with a WAN real IP address of 230.230.230.1 and I only want to allow access to the management login page from one other remote network with a WAN real IP address of 140.140.140.1, with no access from any other location on the internet.

The aim being that the remote DrayTek router/firewall can only be managed by myself from my office.

(IP addresses above are for example only).

Thanks!

Dave

30 Jun 2023 10:54 #102603 by ianfretwell
Would maybe be simpler/safer to create a client-VPN session from your office to the DrayTek and then just manage it on its internal address?

30 Jun 2023 12:40 #102604 by cocospm
You don't say which DrayTek model of router you've got, but for the 286x range the following works for me...

Create an IP Object (Objects Setting > IP Object) for the single WAN IP address you want to give access to.
Go to System Maintenance > Management, then:
- In the Internet Access Control section, tick "Allow management from the Internet".
- In the Access List from the Internet section add the Index of the IP Object you created to the list.
Save the updates and test.

30 Jun 2023 16:38 #102605 by daveb-wist
Thanks guys!

(A VPN would work but it will be used by various staff members so restricting via IP may be easier).

24 Jan 2025 21:43 #104482 by sgictdt
Just to add, despite restricting to a single IP, any other external IP can still reach the logon page of the router. If they enter the correct username/password, it simply rejects and won't let them in. Whilst it achieves answering the question, it's not the most secure way of doing it, especially as time goes on, the router is no longer supported and weakness(es) are discovered.

The other suggestion of using VPN access to dial into the internal network to hit the management port is more secure, but I agree this limits who can access it within your office. However, this actually can work in your favour from a security point of view, where you can have a dedicated laptop/PC whose sole job is to dial into routers to manage them. This allows a process to follow and control who has access to them at a given time.

28 Jan 2025 11:32 #104502 by Andy
I'm sorry but that simply isn't true - I have loads of routers set up with remote management and restricted to my office IP and I can't access the login page from another location.
It's possible what you are seeing is the login page for SSL VPN if you have it set to bind on 443.
