
User Portal disabled across multiple XG firewalls by CLI user

This morning we found many of our XG firewalls had the User Portal disabled on the WAN zone, causing problems for users trying to download the VPN client while working remotely. Anyone else experience this issue? How are you providing users with the ability to download the VPN client when they are not in the office?



This thread was automatically locked due to age.
  • Hi S248

    As a general best security practice to reduce attack surface wherever possible, Sophos recommends disabling any unused services on the WAN interface.

    Until recently, the User Portal was enabled on the WAN interface by default for XG Firewall. From v17.5 MR12 and v18 MR1, the default value was changed from enabled to disabled for brand new installs. For any customer upgrading an existing deployment to these releases (or later), the current settings remained unchanged.

    In a recent hotfix, Sophos performed a one-time update to disable the User Portal on the WAN interface if it was not actively being used by customers. This determination was made on-box.

    If it has been disabled, and you actively need/use it, please enable it and it will remain enabled.

  • OK. But we need far more explanation of what's happening behind the scenes, first to judge whether that was necessary, but also, and most importantly, to ascertain the risks we face if we ever enable User Portals again.

    The CVE link posted by Sophos is actually nonexistent.

    We can't work blind that way.

    Paul Jr
