How to restrict access to components

Question: How can I restrict the access to components on the LAN side?

Answer:

The license " User/Client component setting (Firewall behind device) " is needed to do that
Can be checked under "System > In Use / Licenses":

1. If the access is not restricted (Default option):

The complete LAN network of the router can be reached through the VPN connection. There are no restrictions and when checking the accessibility via ping, all components in the LAN subnet can be reached.

If you´re opening the access menu of a component (LAN > component > edit > Access):

You can only add users who are not allowed to visually see and have access to the component in the portal. As explained in the dialogue, everyone is allowed to see the component, except of the ones entered in the list. But even though the component cannot be accessed in the configuration by that user, he is still able to reach it through the VPN connection on the TCP/IP level.
 

2. If the access is restricted:


This option allows the server to block connections to the router network
 

The complete remote network cannot be accessed through the VPN connection. If a user establishes an VPN connection to the router, he is not able to access any network component on the LAN network or the router itself, as the access to the remote network is restricted and therefore blocked by the system.

If you´re opening the access menu of a component (LAN > component > edit > Access):

Users can now be added to the list which will have access to this particular component only. After establishing a VPN connection through the router to the remote network, only this component can be accessed, all other network components are not reachable.

This only applies for users without admin-rights
Users with admin-rights will always have access

Typ: HowTo Revision: EN-mbconnect24-09-V1.0 Datum: 17.03.2021