SummaryIt might be necessary to want to restrict management of the Exinda for both CLI and web UI to specific users in order to adhere to access restriction policies at workplaces.
OverviewIt might be necessary in an organization to secure devices to unauthorized access, even from internal users, to ensure that they are not able to change anything on the devices in case. While things are normally secured by a username and password, extra security precautions can be put in place, such as disabling SSH or using a firewall. However, taking drastic measures such as disabling SSH might not work for an administrator of the box wh owould need SSH access to it. As a result, it might be wanted to restrict access for some users, while leaving it open to others.
The Exinda can help perform this restriction through use of network objects and policies. By placing a 'discard' policy at the top of the optimizer for a source of a network object with blacklisted hosts to/from a destination of the Exinda's management IP for all applications, this will discard all attempted web UI and CLI management from the specific sources, while allowing for all other users to access it unaffected.
Conversely, it would also possible to create a whitelist of certain users allowed to access the Exinda, while discarding the traffic for everyone else by reversing the process - create a whitelist that allows traffic through for specific hosts, and then add a second policy for discarding all other access to the Exinda underneath the more specific policy.
Either one of these will make the Exinda more secure from an access perspective.