Safe to port-forward the management interface

[vRod]

Hello,

Sorry if this question has already been A&A, i tried to search but did not find anything. I just recently put a PMG into use, inside a DMZ network. Only using this for inbound and so far it works really well. My users get the daily spam summary, including the links to either white-/ or blacklist the email(s). This links takes them to the web interface on port 8006.

My question is now: is it safe to expose this interface to the internet? This is also the interface used to manage the appliance itself (i enabled TOTP), so i am a little skeptical. I know that for PVE&PBS it is not recommended.

Thanks!
Chris

 

[Stoiko Ivanov]

My question is now: is it safe to expose this interface to the internet? This is also the interface used to manage the appliance itself (i enabled TOTP), so i am a little skeptical. I know that for PVE&PBS it is not recommended.

Exposing the complete Admin GUI might not be wanted - I'd suggest to check out the article in the pmg-wiki about only exposing the quarantine interface with an nginx-proxy in front:
https://pmg.proxmox.com/wiki/index....Mail_Gateway#Quarantine_Web_Interface_via_443

(in general all tips on this page and the linked ones are recommended)

I hope this helps!

 

[vRod]

Hello,

I wanted to write yesterday already but didn't get around to it... thanks for the link! I went through it and was able to achieve the access to quarantine but not admin gui

Chris