This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM - Weak End System Model?

Hey,

I have recently been researching Rebind Attacks - that is attacks that allow internal clients to access services on external WAN interface regardless of firewall rules.

All the details are in this vid https://youtu.be/0duYxPIx8gU

It seems Sophos UTM is susceptible to this. My internal clients can access the management interfaces regardless of firewall rules. Could someone from Sophos comment?

This thread was automatically locked due to age.

0 BarryG over 10 years ago

Hi, access to WebAdmin is configured in Management->Webadmin settings; see 'Allowed Networks'.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 10 years ago

Jintel, the reason that Barry made the above comment is that the firewall rules for things like User Portal, Web Admin, VPNs, proxies, etc. are not visible in WebAdmin and those rules are applied before any manual rules you make. The UTM definitely is not open to Rebind attacks unless the admin specifically configures it to be.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 JasonL over 10 years ago

Thanks for your replies. My 'Allowed Networks is currently configured to allow internal and VPN networks to manage the UTM. I'll test it out and report back.
Cancel
Vote Up 0 Vote Down

Cancel