
Web Admin On Red - How To Disable

I've had some clown this morning in the last 7 hours attempt multiple times to gain entry to the web admin panel on our Sophos UTM9 firewall. I didn't think Sophos would be silly enough to put the web admin panel login ability on red (interface), good thing it's a decent password.

We use the Sophos VPN client to gain internal access so don't actually need anything really on the external side, and whilst I've looked I can't find anywhere that would lock out the admin login to red.

Could someone please tell me if it's possible and where the setting would be located. I've upped the lockout to 2 tries / 2 hours lockout / drop locked out packets but I'd rather have a cure than prevention.

  • I attempted to make a block rule but apparently there's something somewhere else still enabling it.

    I used ANY > External Address : WebAdmin and drop but it's still allowing packets.

  • Hello,

    Thank you for reaching out to the community. You can limit the access by controlling allowed networks, as illustrated in the screenshot below:

    The Allowed Networks box lets you define the networks that should be able to connect to the WebAdmin interface. For the sake of a smooth installation of Sophos UTM, the default is Any. This means that the WebAdmin interface can be accessed from everywhere. Change this setting to your internal network(s) as soon as possible. The most secure solution, however, would be to limit the access to only one administrator PC through HTTPS. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.

    Thanks & Regards,

    Vivek Jagad | Team Lead, Global Support & Services 


  • Well now I do feel like a dunce as I looked through there numerous times amongst others and somehow managed to miss that. Now I see it I'm Homer DOH'ing and slapping.

    Thank you for pointing out the obvious that I managed to somehow miss and yes that makes sense being any when setting up as you won't know which int is red vs green.

    We're not likely to have a security issue internally where someone will be banging their head against the admin interface though in a corporate environment you would want to be limiting to a group at least.

    I'm aware of definitions, we use them to state machine names so the weekly report can tell us which child used the most downloads to get a boot (not unlimited internet still here). We also use them to single tick knock off ALL devices for each particular child when they haven't done chores, along with nuking the non defined clients in the DHCP pool (guests). It stops unwanted whoring of our internet when we haven't allowed someone.

    Again, thank you.