Device access

Device access allows you to limit administrative access to certain services from custom and default zones (LAN, WAN, DMZ, VPN, Wi-Fi).

  1. Local service ACL: The device carries a default ACL (access control list) when connected and powered on for the first time. Details of the default services and ports are given below. Click to enable or disable access to the services from the specified zones.
    Admin services
    LAN and Wi-Fi zones: HTTPS (TCP port 4444), Telnet (TCP port 23) and SSH (TCP port 22)
    WAN zone: HTTPS (TCP port 443), Telnet (TCP port 23) and SSH (TCP port 22)
    Authentication services
    LAN and Wi-Fi zones: Client authentication (UDP port 6060), captive portal authentication (TCP port 8090) and RADIUS SSO.
    Network services
    LAN, WAN, and Wi-Fi zones: Ping/Ping6 and DNS
    Other services
    LAN and Wi-Fi zones: Wireless protection, web proxy and SMTP relay
    LAN, WAN, DMZ and Wi-Fi zones: SSL VPN (TCP port 8443)
    LAN and WAN zones: User portal and dynamic routing
    LAN, DMZ, VPN and Wi-Fi zones: SNMP
    Note: User authentication services are required in order to apply user-based internet surfing, bandwidth, and data transfer restrictions. These are not required for administrative functions.
  2. Local service ACL exception rule: You can allow access to the device’s admin services from specified networks/hosts. A list of all the configured rules is displayed.
    Note: After you upgrade from SFOS v15 to v16:
    • If HTTP was enabled in SFOS v15, all HTTP requests are redirected to HTTPS.
    • HTTP rules in which the action is set to Drop are deleted.
  3. Default admin password settings:
    1. Change the default password as soon as you deploy the device.
      Note: The device is shipped with a default super admin with the username and password set to admin. You can access the web admin console and CLI with these credentials. This administrator is authenticated locally by the device.
    2. Click Reset to default to restore the factory default password.
  4. Public key authentication
    1. Turn on Public key authentication for admin to allow access to the command line interface (CLI) using the SSH key.
      Note: Only admin and support users can add an SSH sign-in key without authentication. All other users are required to provide a password for authentication before adding an SSH key.
    2. Add the list of Authorized keys for admin. Generate these SSH keys using SSH client tools (for example, PuTTY).
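
Added example, not part of the original documentation or any Sophos code: a check to run on each public key line before pasting it into Authorized keys. It confirms the line is a public key, that its type label matches the key blob, and returns the SHA256 fingerprint to compare with the one your SSH client shows. The 2048-bit RSA minimum and the handled key types (ssh-rsa, ssh-ed25519) are assumptions; the page does not state which key types the device accepts.

```python
import base64, hashlib
MIN_RSA_BITS = 2048  # assumed local policy, not a value from the SFOS page

def pack(*fields):
    """Encode fields as SSH wire-format strings (uint32 length + bytes)."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def unpack(blob):
    """Split a key blob into its length-prefixed fields."""
    out, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 4], "big")
        if len(blob) - i < 4 or i + 4 + n > len(blob):
            raise ValueError("truncated or overlong field in key blob")
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def check_public_key(line):
    """Return (type, bits, SHA256 fingerprint) for one public key line."""
    if "PRIVATE KEY" in line:
        raise ValueError("this is a private key; paste only the public key")
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    ktype, b64 = parts[:2]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key body is not valid base64") from exc
    f = unpack(blob)
    if not f or f[0] != ktype.encode():
        raise ValueError("type label does not match the key blob")
    if ktype == "ssh-rsa" and len(f) == 3:
        bits = int.from_bytes(f[2], "big").bit_length()  # f[1]=e, f[2]=n
        if bits < MIN_RSA_BITS:
            raise ValueError(f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}")
    elif ktype == "ssh-ed25519" and len(f) == 2 and len(f[1]) == 32:
        bits = 256
    else:
        raise ValueError(f"unsupported or malformed key of type {ktype}")
    digest = hashlib.sha256(blob).digest()
    return ktype, bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample lines: structurally valid blobs, not real keys.
def sample(ktype, *fields):
    return f"{ktype} {base64.b64encode(pack(ktype.encode(), *fields)).decode()} admin@example"
ED_LINE = sample("ssh-ed25519", bytes(range(32)))
WEAK_RSA_LINE = sample("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128)
```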