How to prevent default ADMIN account being accessed remotely via either VPN or WAN interface ?

Please use the entires in the administration page.

Ian

beside the default admin account, I have also set up another admin account with MFA activated. By unchecking all the boxes in the WAN & VPN rows, can I still access to that admin account remotely ?

If not, then how can I do it without granting remote accessibility to the default admin account ?

You should disable WAN everything. Use Central to access Webadmin in a secure manner. 

Enable MFA for your Admin User. Enable the Password guessing as well. 

Use a very complex password for "admin" and use SSH Keys for access the SSH internally. 

So, I get it that I can not prevent the default admin account from being accessed remotely if I allow the other one to be so, can I ? Thus, the safest way is to enforce MFA input codes for all the accounts including the default admin one ?

In addition, how do I get the SSH keys if I am using PuTTY to access the XG's terminal ?

So, I get it that I can not prevent the default admin account from being accessed remotely if I allow the other one to be so, can I ? Thus, the safest way is to enforce MFA input codes for all the accounts including the default admin one ?

In addition, how do I get the SSH keys if I am using PuTTY to access the XG's terminal ?

You should disable the entire access (reduce the attack surface). Then enable MFA.

SSH Keys can be generated by tools like puttygen. You find a lot of guides how to do this. 

I was skeptical of Sophos Central when LuCar recommended it to me, but I've come to really like it. Simple, central, secure. I would never allow any access from the WAN to any admin account, MFA or not. All it takes is one bug in the admin access (which has happened before) and you're compromised and MFA may not matter.