This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I disable remote access to my UTM 9?

We recently failed our PCI compliance scan.  The culprit seems to be our UTM 9's ability to be accessed remotely.  How do I disable the remote access from the internet on this equipment.  I'm not a tech guy. Please explain as if I'm 5 years old!



This thread was automatically locked due to age.
Parents
  • Hi Ron,

    PCI compliance check has to be done with approved scanning vendors by PCI security standards council to comply with the latest PCI framework requirement. Hence non-approved external PCI scanners may not comply with PCI framework due to their lack of testing against known CVE in the deployed Sophos UTM. 

    If you ar looking for what CVEs have been fixed then you can find them in the release note in the blog section of the UTM forum.

    To see a list of approved scanning vendors refer the link below:

    https://www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors

    To disable the remote access, simply turn off the configured remote access policies which should do the job.

    Thank You

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • Hi Ron,

    PCI compliance check has to be done with approved scanning vendors by PCI security standards council to comply with the latest PCI framework requirement. Hence non-approved external PCI scanners may not comply with PCI framework due to their lack of testing against known CVE in the deployed Sophos UTM. 

    If you ar looking for what CVEs have been fixed then you can find them in the release note in the blog section of the UTM forum.

    To see a list of approved scanning vendors refer the link below:

    https://www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors

    To disable the remote access, simply turn off the configured remote access policies which should do the job.

    Thank You

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
No Data