S4048-ON Limit SSH and HTTP to management IP

Hello we are implementing an internet solution from our data center that provides us with a /29 for our connection and an additional /26 with one of the /29 ip's as the next hop.  The solution requires us to use VRRP for the next hop ip.  Our Sonicwall NSA routers do not support VRRP so we are planing on using our S4048's do this.  I was able to implement the below config on both switches and route internet traffic properly.

interface Vlan ZZZ
description "Public Network"
ip address x.x.x.101/29
ip address y.y.y.130/26 secondary
tagged TenGigabitEthernet 1/14,1/40
untagged TenGigabitEthernet 1/39
!
vrrp-group 10
priority 200
virtual-address x.x.x.100
virtual-address y.y.y.129
no shutdown
!
ip route 0.0.0.0/0 x.x.x.97 2 permanent
!

The issue I am facing is since these IP's are public IPs the http server and I am assuming ssh and any other management protocol enabled on these switches is now accessible on the public internet.  What I have not been able to figure out ,after reading the manual several times, is how I would go about limiting these to just respond on our management interface.

Any advice here would be great.  (public IPs masked for security, and i have shutdown the interfaces connecting to the public internet for now)