Hi guys,

What is the correct method to restrict WAN management access to a DrayTek router/firewall to one IP address?

For example say I have a DrayTek router/firewall with a WAN real IP address of 230.230.230.1 and I only want to allow access to the management login page from one other remote network with a WAN real IP address of 140.140.140.1 and no access from any other location on the internet.

The aim being that the remote DrayTek router/firewall can only be managed by myself from my office.

(IP addresses above are for example only).

Thanks!

Dave

Would maybe be simpler/safer to create a client-VPN session from your office to the Draytek and then just manage it on it's internal address ?

You don't say which DrayTek model of router you've got, but for the 286x range the following works for me...

Create an IP Object (Objects Setting > IP Object) for the single WAN IP address you want to give access to.
Go to System Maintenance > Management, then:
- In the Internet Access Control section, tick "Allow management from the Internet".
- In the Access List from the Internet section add the Index of the IP Object you created to the list.
Save the updates and test.

Thanks guys!

(A VPN would work but it will be used by various staff members so restricting via IP may be easier).