Just applied 9.206-35 via the web interface and it seemed to work fine; however, when I open the UTM console it now states that the webadmin interface has flipped from the LAN side to the WAN side. I can still access the web interface from the LAN side as well. In my security view this is a huge security issue, since at the initial setup it was crystal clear that the LAN interface was going to be the webadmin interface.
In order to ensure that I have done everything I can to properly secure it, I checked the webadmin access controls and I did find that the "Allowed Networks" was set to "Any". This should never have been a default configuration, but the Sophos folks might prioritize communication over security. I did proceed to modify this setting to only the LAN network, but to my surprise this didn't change the fact that the webadmin interface is accessible from the WAN. I guess communication outweighs security at Sophos.
Any real explanations of why this is the case?