xg-210 blocking ssh on wan

Greetings,

I can't seem to find a way to block ssh to the xg from the internet.

I was able to manually write the 2-line rule on the command line, but of course that's very short-lived.

How can I achieve blocking ssh from the internet?

This is a concern because I just noticed constant denials of ssh requests coming to the firewall.

All were blocked, of course, but it's possible that someone may just happen to "guess" the password. So I want to block all requests before the password prompt even comes.

But I would also like to be able to ssh in myself using ssh keys and no password.

Is this scenario possible? And if so, how?

 

Thanks

iomari



This thread was automatically locked due to age.
  • Go to System -> Administration -> Device Access.

    Under Local Service ACL UNCHECK SSH access for WAN

    Then add a rule under Local Service ACL Exception Rule with the following settings:

    - Source Zone: WAN

    - Network/Host: Your public IP

    - Services: The services you want to access via the WAN (HTTPS (GUI), SSH, etc)

    - Action: Accept

    This should do the trick
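
A way to verify the Device Access change described in the reply above, added here as an example that is not part of the original thread and is not Sophos tooling: run it once from the public IP listed in the exception rule and once from any other internet host. The script name, the function names and the "allowed"/"other" labels are assumptions made for this example.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=3.0):
    """Classify how host:port answers a TCP connect from this vantage point.

    Returns (state, banner). state is "open", "closed" (actively refused) or
    "filtered" (no answer before the timeout, or an unreachable error).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                # An SSH server sends its identification string first.
                banner = s.recv(255).decode("ascii", "replace").strip()
            except OSError:
                banner = ""
            return "open", banner
    except ConnectionRefusedError:
        return "closed", ""
    except OSError:  # includes timeouts and host/network unreachable
        return "filtered", ""


def acl_check(host, vantage, port=22, timeout=3.0):
    """Compare the probe result with what the ACL should produce.

    vantage is a label chosen for this example: "allowed" when run from the
    public IP listed in the exception rule, "other" from anywhere else.
    """
    state, banner = probe_ssh(host, port, timeout)
    if vantage == "allowed":
        ok = state == "open" and banner.startswith("SSH-")
    else:
        ok = state != "open"
    return ok, state, banner


if __name__ == "__main__":
    # usage: python3 check_ssh_acl.py <firewall WAN address> allowed|other
    if len(sys.argv) != 3 or sys.argv[2] not in ("allowed", "other"):
        sys.exit("usage: check_ssh_acl.py <wan-address> allowed|other")
    ok, state, banner = acl_check(sys.argv[1], sys.argv[2])
    print(f"{sys.argv[1]}:22 is {state} {banner!r} ->", "OK" if ok else "UNEXPECTED")
    sys.exit(0 if ok else 1)
```

An "open" result from the "other" vantage point means the SSH prompt is still reachable from the WAN and the Local Service ACL change has not taken effect.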