Skip to main content

Security

The Security page centralizes configuration of access controls for the USP Admin UI. Use it to apply policies that govern who can reach the USP Admin UI and how access is enforced.

For now, the only available control is shown in the table below, along with its corresponding field label in the UI.

FeatureDropdown Label
USP Admin UI IP FilteringIP Filter List for Admin UI Connections

USP Admin UI IP Filtering

warning

Adding an IP Filter to the USP Admin UI may result in being locked out. Read this entire section before enabling the feature. If you are already locked out, see Lockout Recovery (CLI).

In the IP Filter List for Admin UI Connections dropdown, you can Assign an IP Filter to restrict which source IPs can reach the USP Admin UI.

Safety Checks & Guardrails

USP includes safeguards when you update the USP Admin UI IP Filter:

  • Immediate effect: Changes take effect on the very next USP Admin UI or USP REST API request.
  • Assignment validation: You can only assign an IP Filter if it is guaranteed not to block all access. Specifically:
    • If the Default Action is Allow, the filter can be empty.
    • If the Default Action is Block, the filter must contain at least one Allow rule.
  • Loopback always allowed: Connections from loopback addresses (e.g., 127.0.0.1 for IPv4 or ::1 for IPv6) are not filtered, since local access is required for the USP Admin UI to function.

Best Practices

  • Prefer a minimal allowlist (e.g., VPN and bastion ranges).
  • Use Test IP to test filters.
  • Use the IP Filter Description to document purpose and ownership.
  • Review logs after changes to confirm expected outcomes.

Lockout Recovery (CLI)

If you've locked yourself out of the USP Admin UI, you can remove the IP Filter assignment from the Security configuration using the USP Manager CLI.

On the USP Manager host, execute the following command with administrative privileges:

usp-manager remove-ip-filter

Now you will be able to sign back to the USP Admin UI and assign a safe IP Filter.

info

This command only removes the assignment; your IP Filters and IP Rules remain unchanged.

Adding or Editing a Security Feature

warning

Before adding a security feature, read the corresponding section in this page.

  1. From the Sidebar, click General > Security.
  2. Click Edit.
  3. Select the option in the dropdown of the corresponding Security Feature you want to add or edit.
  4. Click Save.