Safe for external GUI admin login access enabled?

Reply to Safe for external GUI admin login access enabled? on Sun, 24 Mar 2013 05:06:57 GMT

[[global:guest]] — Sun, 24 Mar 2013 05:06:57 GMT

So is it accepted to create a VPN server on the pfsense computer, that you login to first?

Reply to Safe for external GUI admin login access enabled? on Fri, 22 Mar 2013 14:25:49 GMT

esnakk — Fri, 22 Mar 2013 14:25:49 GMT

I would defenately NOT recommend to allow external access to GUI on WAN.

If you can not do as others have suggested before me (VPN etc) and you have to connect externally somehow I would recommend that you at least create an access list and only allow traffic from a small number of known IP addresses. You could combine this with the use of 'denyhosts' or similar techniques to auto block after three failed login attempts or similar.

Better safe than sorry. Best is not open anything that you do not really need and to only use secure methods/protocols/configurations, for example if you allow SSH from any to one of your boxes behind the firewall and do not use denyhosts you indirectly allow anybody to gain access to a machine behind the firewall, from this machine they can compromise your entire network (including firewalls) whichs is even worse than "just" allowing anobody to access your GUI on WAN.

Reply to Safe for external GUI admin login access enabled? on Fri, 22 Mar 2013 01:22:34 GMT

tim.mcmanus — Fri, 22 Mar 2013 01:22:34 GMT

I VPN into the network or RDP to a LAN machine. Port is only open via the LAN.

Reply to Safe for external GUI admin login access enabled? on Thu, 21 Mar 2013 22:34:43 GMT

mr_bobo — Thu, 21 Mar 2013 22:34:43 GMT

I don't need remote access so I have the custom port I assigned to it blocked by a WAN rule.