User manual
Firewall
84
Administration services
The following figure shows the Administration Services page:
Figure 6-1
By default the CyberGuard SG appliance runs a web administration server and a telnet
service. Access to these services can be restricted to specific interfaces. For example,
you generally want to restrict access to the Web Management Console web
administration pages (Web Admin) to machines on your local network. Disallowing all
services is not recommended, as this will make future configuration changes impossible
unless your CyberGuard SG appliance is reset to the factory default settings.
Warning
If you do want to allow administrative access on interfaces other than the LAN, there are
several security precautions you should take. See the note in the next section for details.
Also consider remote administration using a VPN connection as an alternative to opening
a hole in the firewall, PPTP in particular is well suited to this task.
You can also select to accept ICMP messages on the Internet port. For example, if you
disallow echo requests (the default for increased security), your CyberGuard SG
appliance will not respond to pings on its Internet port. Destination unreachable ICMP
messages are always accepted.