Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 628 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How / is the built-in 'Support Access' function protected to ensure no-one but Sophos can access?

ptho

Hi All,

I understand that turning Support Access on allows Sophos to connect in for support-related works etc., but is this functionality secured so that only Sophos can make use of this access by way of only accepting connections from known Sophos Support IP addresses, etc.?

Many Thanks



This thread was automatically locked due to age.

Top Replies

  • FormerMember
    FormerMember +1 suggested

    Hi ptho,

    Thank you for reaching out to Sophos Community.

    Enabling 'Support Access' does not allow WebAdmin access publicly. Only Sophos Support team can access the WebAdmin console(GUI) and shell of the Sophos Firewall device.

    Click here to know more information on 'Support access'.

    Jump to answer
Parents
  • 0

    When you enable support access the firewall will create a SSH tunnel over:

    utm@54.228.158.66

    On Port 22.

    Apparently It also creates some temporary files for known hosts, and keys, which are deleted after you disable the support access.

    -o UserKnownHostsFile=/tmp/uma_known_hosts
-i /tmp/uma_host.priv

    Meanwhile when It's creating the SSH Tunnel It will do a port forward of: 

    -L localhost:22022:localhost:4223

    If someone else can dig in to this, I would be grateful. (if you're allowed.)

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • 0 in reply to Prism

    If you need security insight into this, please feel free to contact your local Sales rep to get legal in touch. But assuming this is already stated in the Sophos docs: www.sophos.com/.../sophos-end-user-license-agreement.aspx

    __________________________________________________________________________________________________________________

Reply Children
No Data