This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Admin On Red - How To Disable

I've had some clown this morning in the last 7 hours attempt multiple times to gain entry to the web admin panel on our Sophos UTM9 firewall. I didn't think Sophos would be silly enough to put the web admin panel login ability on red (interface), good thing it's a decent password.

We use the Sophos VPN client to gain internal access so don't actually need anything really on the external side and whilst I've looked I can't find anywhere that would lockout the admin login to red.

Could someone please tell me if it's possible and where the setting would be located. I've upped the lockout to 2 tries / 2 hours lockout / drop locked out packets but I'd rather have a cure than prevention.

This thread was automatically locked due to age.

Top Replies

Vivek Jagad 10 months ago +1 verified

Hello Glen O'Riley , Thank you for reaching out to the community, you can limit the access by controlling allowed networks, as illustrated in the screenshot below: The Allowed Networks box lets you define…

Parents

+1 Vivek Jagad 10 months ago

Hello Glen O'Riley ,

Thank you for reaching out to the community, you can limit the access by controlling allowed networks, as illustrated in the screenshot below:

The Allowed Networks box lets you define the networks that should be able to connect to the WebAdmin interface. For the sake of a smooth installation of Sophos UTM, the default is Any. This means that the WebAdmin interface can be accessed from everywhere. Change this setting to your internal network(s) as soon as possible. The most secure solution, however, would be to limit the access to only one administrator PC through HTTPS. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel

Reply

+1 Vivek Jagad 10 months ago

Hello Glen O'Riley ,

Thank you for reaching out to the community, you can limit the access by controlling allowed networks, as illustrated in the screenshot below:

The Allowed Networks box lets you define the networks that should be able to connect to the WebAdmin interface. For the sake of a smooth installation of Sophos UTM, the default is Any. This means that the WebAdmin interface can be accessed from everywhere. Change this setting to your internal network(s) as soon as possible. The most secure solution, however, would be to limit the access to only one administrator PC through HTTPS. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel

Children

0 Glen O'Riley 10 months ago in reply to Vivek Jagad

Well now I do feel like a dunce as I looked through there numerous times amongst others and somehow managed to miss that. Now I see it I'm Homer DOH'ing and slapping.

Thank you for pointing out the obvious that I managed to somehow miss and yes that makes sense being any when setting up as you won't know which int is red vs green.

We're not likely to have a security issue internally where someone will be banging their head against the admin interface though in a corporate environment you would want to be limiting to a group at least.

I'm aware of definitions, we use them to state machine names so the weekly report can tell us which child used the most downloads to get a boot (not unlimited internet still here). We also use them to single tick knock off ALL devices for each particular child when they haven't done chores, along with nuking the non defined clients in the DHCP pool (guests). It stops unwanted whoring of our internet when we haven't allowed someone.

Again, thank you.
Cancel
Vote Up 0 Vote Down

Cancel