We recently failed our PCI compliance scan. The culprit seems to be our UTM 9's ability to be accessed remotely. How do I disable the remote access from the internet on this equipment? I'm not a tech guy. Please explain as if I'm 5 years old!
Hi Ron,
A PCI compliance check has to be done with scanning vendors approved by the PCI Security Standards Council to comply with the latest PCI framework requirement. Hence, non-approved external PCI scanners may not comply with the PCI framework due to their lack of testing against known CVEs in the deployed Sophos UTM.
If you are looking for which CVEs have been fixed, you can find them in the release notes in the blog section of the UTM forum.
To see a list of approved scanning vendors, refer to the link below:
https://www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors
To disable the remote access, simply turn off the configured remote access policies, which should do the job.
Thank You
Sachin Gurung
Team Lead | Sophos Technical Support