The BM39-Server on NW65 has IManager on board and all the other administration-services.

The private side is on 172.16.x.x, the public side on 10.x.x.x.

Yesterday when doing some configuration on the outside (10.x.x.x) at the load-balancing-router I found the BM39-Server-Portal reachable from the outside. Remote Manager did not work (unable to reach), but IManager was fine. Since https and http is supposed to pass with our exceptions, my surprise was only small, but on the other hand I would like to have this blocked.

What would be the best approach for this?