Security Guide: Configuring the Access Control List (ACL) in FNM Manager

Last updated on Jan 20, 2025

Configuring an Access Control List (ACL) in FNM Manager allows you to restrict panel access to specific IP addresses and Autonomous System Numbers (ASNs), ensuring that only authorized devices can interact with it. This functionality enhances security by preventing unauthorized access from external networks.

Benefits of Enabling the Access List

  1. Enhanced Security: Only predefined IPs and ASNs will be able to access the panel.

  2. Granular Control: Ability to define access for entire networks or specific entities.

  3. Risk Mitigation: Reduces the risk of intrusions from untrusted networks.


Steps to Configure an Access Control List in FNM Manager

1. Access the Security Settings

  • Log in to FNM Manager as an administrator.

  • Navigate to Settings > System Security & Privacy.

2. Add IP Addresses or ASNs to the Whitelist

  • IP Address:

    • In the "Enter Network or ASN for Access List" field, enter a network in CIDR format (e.g., 192.168.1.0/24) or a specific IP address (e.g., 192.168.1.100).

    • Select the Whitelist option.

    • Click Add to include it. Networks or ASNs will be automatically added to the allowed list.

  • ASN:

    • Enter the Autonomous System Number (ASN), such as AS15169.

    • Select the Whitelist option.

    • Click Add to include it. ASNs will also be added automatically.

3. Verify Current Access

  • The interface will display the IP address you are currently accessing from, along with the associated ASN. Ensure it is listed as allowed ("Access Allowed").

4. Enable the Access List and Save the Configuration

  • Once you have confirmed that your IP, network, or ASN is correctly configured in the whitelist, activate the Enable Access List option.

  • Enabling this functionality will change the default behavior to "deny all access" for any IPs and ASNs not specified in the whitelist.

  • Click Save Config to save this configuration. This step will enable the access list and apply the configured rules.


Maintaining the Access List

View the Current List

  • Allowed (whitelist) and blocked (blacklist) entries will be displayed with their type (IP or ASN) and associated value.

Delete Entries

  • To remove a specific entry, click the Delete button next to it.

  • If you want to clear the entire list, use the Delete All button.

Cleaning Configuration via CLI

  • If the access list is misconfigured and you lose access to the panel, you can clean the configuration using the following command in the command-line interface (CLI):

    fnm_cli --clean_security_acl
    

Security Recommendations

  1. Configure Before Enabling: Ensure your current IP is included in the whitelist before enabling the access list to avoid losing access to the panel.

  2. Use CIDR Ranges or ASNs: To simplify management, use entire networks or ASNs if multiple IPs are associated with a trusted organization.

  3. Periodic Audits: Regularly review the access list to ensure entries are valid and necessary.

  4. Understand Default Behavior: When the access list is enabled, the default mode is "deny all access." If no whitelist range is specified, you will lose access to the panel and will need to clean the configuration via CLI to regain access.
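A pre-enable lockout check for steps 2 to 4 and recommendations 1 and 4, as an added example (not FNM Manager code). It models only the whitelist and the documented "deny all access" default, and assumes CIDR and single-IP entries match by containment and ASN entries by number; the function names and session values are hypothetical.

```python
import ipaddress


def parse_entry(entry):
    """Classify an access-list entry as ("asn", int) or ("net", ip_network)."""
    text = entry.strip()
    if text.upper().startswith("AS"):
        number = text[2:]
        if not number.isdigit():
            raise ValueError(f"malformed ASN entry: {entry!r}")
        return ("asn", int(number))
    # strict=True rejects CIDRs with host bits set (192.168.1.100/24), which
    # is usually a typo; a bare address parses as a /32 (or /128 for IPv6).
    return ("net", ipaddress.ip_network(text, strict=True))


def preflight(whitelist, current_ip, current_asn=None):
    """Return (allowed, reason) for this session once deny-all is the default.

    whitelist   -- entries exactly as they would be typed into the panel
    current_ip  -- the address the panel reports for your session
    current_asn -- the ASN the panel reports, e.g. "AS15169" (optional)
    """
    addr = ipaddress.ip_address(current_ip)
    asn = parse_entry(current_asn)[1] if current_asn else None
    if not whitelist:
        return (False, "whitelist is empty: enabling would deny everyone")
    for entry in whitelist:
        kind, value = parse_entry(entry)
        if kind == "asn" and value == asn:
            return (True, f"matched ASN entry {entry}")
        if kind == "net" and addr in value:
            return (True, f"matched network entry {entry}")
    return (False, f"{current_ip} matches no whitelist entry")


if __name__ == "__main__":
    # Constructed sample: the page's example entries plus made-up sessions.
    planned = ["192.168.1.0/24", "192.168.1.100", "AS15169"]
    for ip, asn in [("192.168.1.57", None), ("203.0.113.9", "AS64500"),
                    ("203.0.113.9", "AS15169")]:
        print(ip, asn, preflight(planned, ip, asn))
```

The panel's own "Access Allowed" indicator from step 3 remains the authoritative check; this only catches typos and missing entries before you enable the list.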


With this configuration, FNM Manager will be protected against unauthorized access, strengthening your network security and minimizing potential risks.