Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Safe for external GUI admin login access enabled?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest
      last edited by

      I was wondering if it is considered safe to have external  GUI admin access enabled?
      If I have a strong password of course. Do others have theirs open to external access?

      I have it disabled right now, so the only way to access the admin/gui is from inside my network.

      thanks

      1 Reply Last reply Reply Quote 0
      • M
        mr_bobo
        last edited by

        I don't need remote access so I have the custom port I assigned to it blocked by a WAN rule.

        1 Reply Last reply Reply Quote 0
        • T
          tim.mcmanus
          last edited by

          I VPN into the network or RDP to a LAN machine.  Port is only open via the LAN.

          1 Reply Last reply Reply Quote 0
          • E
            esnakk
            last edited by

            I would defenately NOT recommend to allow external access to GUI on WAN.

            If you can not do as others have suggested before me (VPN etc) and you have to connect externally somehow I would recommend that you at least create an access list and only allow traffic from a small number of known IP addresses. You could combine this with the use of 'denyhosts' or similar techniques to auto block after three failed login attempts or similar.

            Better safe than sorry. Best is not open anything that you do not really need and to only use secure methods/protocols/configurations, for example if you allow SSH from any to one of your boxes behind the firewall and do not use denyhosts you indirectly allow anybody to gain access to a machine behind the firewall, from this machine they can compromise your entire network (including firewalls) whichs is even worse than "just" allowing anobody to access your GUI on WAN.

            –
            Cheers,
            E

            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              So is it accepted to create a VPN server on the pfsense computer, that you login to first?

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.