Firewall


Overview

Firewall settings in Lucy are crucial for securing access to various services, including SSH, HTTP/HTTPS, and the admin panel.

Navigate to Settings -> Common System Settings -> Firewall

HTTP & HTTPS Access Range

  • Purpose: To define specific IP ranges that can access HTTP or HTTPS services. This is essential for controlling access to phishing simulations and the administrative GUI.

  • Configuration:

    • Include the IP range of your users to ensure they can access phishing simulations.

    • To restrict access to the admin GUI while running campaigns, enable HTTP only for campaigns and restrict HTTPS access.

Custom Admin Port

  • Purpose: To change the default port for accessing the Lucy administrative interface.

Admin Access IP Range

  • Purpose: To specify IP ranges allowed to access the Lucy admin panel, enhancing security by limiting access to authorized personnel only.

Configuration Steps

  1. Access Firewall Settings: Log in to the Lucy admin interface and navigate to your.lucydomain.com/admin/settings/firewall.

  2. Adjust Settings: Configure each setting according to your security requirements:

    • Enable SSH block if necessary.

    • Define IP ranges for HTTP/HTTPS access.

    • Set a custom admin port (if applicable).

    • Specify IP ranges for admin panel access.

  3. Save Changes: Ensure all configurations are saved properly.

I changed the Admin port but my firewall blocks access to that port

To revert the admin port in Lucy to 443 from a custom port (e.g., 8081), you need to access the system via SSH or directly. This process involves modifying Apache's configuration to stop listening on the custom port and ensure it listens on 443, removing specific virtual host configurations, resetting iptables, updating the database to reflect the change, and finally restarting Apache to apply these changes. This procedure ensures the firewall no longer blocks access due to the custom admin port.

Log in via the terminal and execute these commands:

cd /etc/apache2
nano ports.conf

Comment out these two lines:

#Listen 8081
#NameVirtualHost *:8081

Save and exit: press Ctrl+O, Enter, then Ctrl+X.

Change the virtual host configuration:

nano sites-available/phishing-ssl

Edit the first line to:

<VirtualHost *:443>

Save and exit: press Ctrl+O, Enter, then Ctrl+X.

Remove entries:

rm sites-enabled/phishing-ssl-extra
rm sites-available/phishing-ssl-extra

Change iptables:

iptables -F LUCY_ADMIN
iptables -D INPUT -j LUCY_ADMIN
iptables -X LUCY_ADMIN
iptables -N LUCY_ADMIN
iptables -I INPUT -j LUCY_ADMIN
iptables-save

Update the database:

sudo -u postgres psql phishing -c "UPDATE system SET value=null WHERE name='admin_port'"

Restart Apache:

service apache2 restart
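A read-only check for the Apache edits in the procedure above, added here as an example and not part of the Lucy documentation or tooling. The file names and port 8081 are the ones on this page; the function names and the scratch directory used for the sample are assumptions.

```shell
#!/bin/sh
# Added example (not Lucy's own tooling): read-only check of the Apache edits
# from the revert steps. File names come from this page; function names are
# hypothetical.

# True when ports.conf has no active Listen/NameVirtualHost for the port.
port_disabled() {   # usage: port_disabled <ports.conf> <custom-port>
    [ -r "$1" ] || return 2
    ! grep -Eq "^[[:space:]]*(Listen|NameVirtualHost)[[:space:]]+([^[:space:]]*:)?$2([[:space:]]|\$)" "$1"
}

# True when the first <VirtualHost> line of the file binds to *:443.
vhost_on_443() {    # usage: vhost_on_443 <sites-available/phishing-ssl>
    [ -r "$1" ] || return 2
    first=$(sed -n '/^[[:space:]]*<VirtualHost[[:space:]]/{p;q;}' "$1")
    case $first in
        *'<VirtualHost *:443>'*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when phishing-ssl-extra is gone, including a dangling symlink.
extra_removed() {   # usage: extra_removed <apache-dir>
    for f in "$1/sites-enabled/phishing-ssl-extra" "$1/sites-available/phishing-ssl-extra"; do
        if [ -e "$f" ] || [ -L "$f" ]; then return 1; fi
    done
    return 0
}

# Runs all three checks; the exit status is the number of failed checks.
check_revert() {    # usage: check_revert [apache-dir] [custom-port]
    dir=${1:-/etc/apache2}; port=${2:-8081}; fails=0
    port_disabled "$dir/ports.conf" "$port" ||
        { echo "ports.conf: active directive for port $port"; fails=$((fails + 1)); }
    vhost_on_443 "$dir/sites-available/phishing-ssl" ||
        { echo "phishing-ssl: first vhost is not *:443"; fails=$((fails + 1)); }
    extra_removed "$dir" ||
        { echo "phishing-ssl-extra: still present"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: a scratch tree in the state the steps should leave.
demo=$(mktemp -d) && mkdir -p "$demo/sites-available" "$demo/sites-enabled"
printf '%s\n' 'Listen 443' '#Listen 8081' '#NameVirtualHost *:8081' > "$demo/ports.conf"
printf '%s\n' '<VirtualHost *:443>' '</VirtualHost>' > "$demo/sites-available/phishing-ssl"
check_revert "$demo" 8081 && echo "revert edits look complete"
```

On the server, call check_revert /etc/apache2 8081 before restarting Apache; a non-zero exit status is the number of checks that failed.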

Conclusion

Properly configuring firewall settings is essential for securing your Lucy Security Awareness application against unauthorized access. By carefully setting up access controls for SSH, HTTP/HTTPS services, and the admin panel, you can maintain a secure environment for both your phishing simulations and administrative operations.