IP Filter / Access Restrictions for VMS

Q and A about functionality and how to solve a special task for your application.

Moderator: Support

Post Reply
johncove
Posts: 4
Joined: 30 May 2017, 13:52

IP Filter / Access Restrictions for VMS

Post by johncove » 25 Jun 2019, 10:20

Hi support,

I have been asked to lock down the Ventuz Machine Service 2.2. I have following the following instructions from your user manual but they do not seem to be working, or my Start Parameter is incorrect syntax. It is not very clear from the user manual, so I am taking the instruction verbatim.

Can you please help. Below are the instructions I am following from your user manual, and attached is the Start parameter for the VMS service on my local PC. The VMS still accepts any IP, so the IP filtering is not working. My internal IP is 192.168.1.65, but VMS is still acknowledging the connection even though the IP filter is set to only accept from 192.168.1.64.

-- attached in a screen shot --

IP Filter / Access Restrictions
The VMS is installed as a Windows Service without any IP restriction by default. This allows other users in the same network to access the VMS. To avoid unwanted or accidental access to VMS and running Ventuz processes you can apply IP restrictions to gain exclusive access to VMS.
• by default (no parameters) any remote IP and local IP has access to VMS
• VMS can be restricted to a set of remote IP addresses. Only single full qualified IPv4 or IPv6 IP addresses can be specified. If you want to gain access from multiple remote IP address you have to add multiple restrictions parameters. Wildcards or patterns are not allowed. Mistyped or misspelled addresses are ignored. If any remote IP is specified the localhost is always included in the list! So local access is always possible, even if access has been restricted to certain remote IP addresses.

-192.168.1.100 -192.168.1.101 -192.168.1.102
• VMS can be restricted to be only accessible by the local system (no remote access allowed, any specified remote IP is ignored!) by specifying the command line parameter

-local

Best regards,
John
Attachments
ss.png

Post Reply