During a support ticket it may be necessary for the supporter to request SSH and Webadmin access to the customer device.
This article describes the possible access information that Sophos support will ask for, and how to reset these settings after resolving the support ticket. The following sections are covered:
Applies to the following Sophos products and versions Sophos XG Firewall (SFOS)
Sophos support could request the following access information:
With the Access ID the customer can easily provide Webadmin access to the Support.
It can be activated and deactivated under: Monitor & Analyze | Diagnostics | Support access
Please deactivate the Access ID once it is no longer needed by Support. The Access ID also expires automatically after the specified number of days.
Under certain circumstances, it may be necessary to gain access via the external IP address of the Sophos Firewall using passwords.
In this case, Sophos Support will request the password for the admin user. It is also necessary to create a local service ACL exception rule to limit access from Sophos support networks.
Please note that we do not store any access details in our database.
Please change the admin password after the problem is solved on the Webadmin and remove the local service ACL exception rule.
Change admin password:
System | Administration | Device Access | Default admin password settings
Remove the local service ACL exception rule:
System | Administration | Device Access | Local service ACL exception rule
In most cases, Sophos support will request SSH access via public key authentication.
In this case, Sophos Support will add or send the customer the public SSH Key. It is also necessary to create a local service ACL exception rule to limit access from Sophos support networks.
Please delete unknown SSH keys on the webadmin after your problem is solved and remove the local service ACL exception rule.
Remove the SSH Key:
System | Administration | Device Access | Public key authentication for admin
Remove the local service ACL exception rule: System | Administration | Device Access | Local service ACL exception rule
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.