Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 733 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to prevent default ADMIN account being accessed remotely via either VPN or WAN interface ?

J Thai

Hello everyone,

I want no external entities can access the default admin account remotely either via VPN or WAN. Has this been implemented by default or do I have to change the settings ?

Thank you in advance.



This thread was automatically locked due to age.
Parents
  • 0

    Please use the entires in the administration page.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    beside the default admin account, I have also set up another admin account with MFA activated. By unchecking all the boxes in the WAN & VPN rows, can I still access to that admin account remotely ?

    If not, then how can I do it without granting remote accessibility to the default admin account ?

  • 0 in reply to J Thai

    You should disable WAN everything. Use Central to access Webadmin in a secure manner. 

    Enable MFA for your Admin User. Enable the Password guessing as well. 

    Use a very complex password for "admin" and use SSH Keys for access the SSH internally. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    So, I get it that I can not prevent the default admin account from being accessed remotely if I allow the other one to be so, can I ? Thus, the safest way is to enforce MFA input codes for all the accounts including the default admin one ?

    In addition, how do I get the SSH keys if I am using PuTTY to access the XG's terminal ?

  • 0 in reply to J Thai

    You should disable the entire access (reduce the attack surface). Then enable MFA.

    SSH Keys can be generated by tools like puttygen. You find a lot of guides how to do this. 

    __________________________________________________________________________________________________________________

Reply
  • 0 in reply to J Thai

    You should disable the entire access (reduce the attack surface). Then enable MFA.

    SSH Keys can be generated by tools like puttygen. You find a lot of guides how to do this. 

    __________________________________________________________________________________________________________________

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?