According to SQL injection vulnerability KBA135412; securing admin access.

Hi Can carmack 

Please refer to the same KBA as we have updated it with the latest information - https://community.sophos.com/kb/en-us/135412, It would provide all relevant information regarding additional steps and hotfixes released for this and other information, I would request you to read the article to get more information. You can access the device by VPN, the information is available in the article.

Thank you for KB, how to make access from external network safest way?
Integrate to Cloud or Connect Client or any other secure way?

Hi Can carmack 

You may create a Local ACL Exceptionrule to allow specific public IP to access the device with specific service - https://community.sophos.com/kb/en-us/132814#Local%20Service%20ACL%20Exception%20Rule

You can access it by connecting VPN and enable HTTPS access for VPN zone from device access.

Thanks Keyur, defined acl for fixed ip.
But alot of times, had to access through cell phones so ips are not fixed.

Shall we access administration after through sslvpn?

Hi Can carmack 

You can access it through SSL VPN as well if you want you can create different admin profile and share them with the specific users you want to allow access to specific module - https://community.sophos.com/kb/en-us/126703