Overview
An organization may need to secure devices against unauthorized access, even from internal users, so that those users cannot change anything on the devices. While devices are normally secured by a username and password, extra security precautions can be put in place, such as disabling SSH (Secure Shell, used for remote login) or using a firewall. However, drastic measures such as disabling SSH might not work for an administrator of the box who needs SSH access to it. As a result, it may be desirable to restrict access for some users while leaving it open to others.
This article describes the use of network objects and policies in Exinda to implement access restrictions.
Information
The Exinda can help implement access restrictions through the use of network objects and policies. Create a network object containing the blacklisted hosts, then place a discard policy at the top of the Optimizer that matches traffic to/from that network object (source) and the Exinda's Management IP (destination) for all applications. This discards all attempted Web UI and CLI management from those specific sources, while all other users can still access the Exinda unaffected.
Conversely, it is also possible to create a whitelist of the users allowed to access the Exinda and discard the traffic for everyone else by reversing the process: create a policy that allows traffic through for the whitelisted hosts, then add a second policy, underneath the more specific policy, that discards all other access to the Exinda.
Either approach makes the Exinda more secure from an access perspective.
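The following is an added example, not Exinda code or configuration: a small Python model of the two policy layouts described above, plus a misordered whitelist, to show why the position of each policy matters. It assumes policies are evaluated top-down with the first match winning; all addresses, names and the rule format are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the article.
MGMT_IP = ipaddress.ip_address("192.0.2.10")            # hypothetical management IP
BLACKLIST = [ipaddress.ip_network("198.51.100.0/28")]   # network object: blocked hosts
WHITELIST = [ipaddress.ip_network("203.0.113.5/32"),
             ipaddress.ip_network("203.0.113.6/32")]    # network object: admin hosts
ANY = [ipaddress.ip_network("0.0.0.0/0")]               # everyone

def rule(action, sources):
    """One policy: `action` for traffic between `sources` and the management IP."""
    return {"action": action, "sources": sources}

def evaluate(policies, src, dst):
    """Return the action of the first policy (top-down) that matches src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst != MGMT_IP:
        return "allow"              # these policies only cover management traffic
    for policy in policies:
        if any(src in net for net in policy["sources"]):
            return policy["action"]
    return "allow"                  # no policy matched: traffic is unaffected

# Blacklist layout: a single discard policy at the top.
blacklist_policies = [rule("discard", BLACKLIST)]
# Whitelist layout: specific allow first, discard-everyone-else underneath.
whitelist_policies = [rule("allow", WHITELIST), rule("discard", ANY)]
# Failure mode: the broad discard sits above the allow and locks out the admins.
misordered_policies = [rule("discard", ANY), rule("allow", WHITELIST)]

def audit(policies, hosts):
    """Map each source host to the action its management traffic receives."""
    return {h: evaluate(policies, h, str(MGMT_IP)) for h in hosts}

if __name__ == "__main__":
    hosts = ["198.51.100.3", "203.0.113.5", "203.0.113.77"]
    for name, policies in [("blacklist", blacklist_policies),
                           ("whitelist", whitelist_policies),
                           ("misordered", misordered_policies)]:
        print(name, audit(policies, hosts))
```

Running an audit like this against the intended host list before applying a whitelist is a cheap way to confirm that administrator addresses still reach the management IP.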