Sophos Ideas / XG Firewall

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

← XG Firewall

Ability to change default Admin username

Currently, the WebAdmin Master-User is fix named as admin. It would be great, if we would have the possibility to change the username. This would be an improvement for brute-force attacks, when the WebGUI is somehow published to the Internet.

374 votes
Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
Under Review  ·  AdminAlan (Sr. Product Manager, Sophos Features & Ideas Laboratory) responded  · 

This is being considered. The current intention is to add a superadmin role, making the default admin account just a member of that role.

This will allow you to create new superadmin accounts, capable of logging into the shell, adding ssh keys, and any other features limited currently to the named admin account.

Second, you will be able to disable or demote the named admin account.

14 comments

Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    Is this slated to be an option in the near future? Seems a bit odd that it is unable to be changed .

  • Jason commented  ·   ·  Flag as inappropriate

    I can't think of a single piece of hardware/software that we use that doesn't allow us to rename or delete the default account. Sophos does understand that it is a basic security practice to do this? You lose credibility as a security provider when you don't allow basic security practice in your own products.

  • John commented  ·   ·  Flag as inappropriate

    Please implement this as soon as possible. Its part of our security audit. We may have to look elsewhere if we're not able to do this soon.

  • Craig commented  ·   ·  Flag as inappropriate

    I strongly support the implementation of all of these features. As its been 2 years now it would be great to get an update as to where this is on the roadmap.

  • Arie commented  ·   ·  Flag as inappropriate

    Not being able to change the default user name is arguably a violation of PCI-DSS.

  • Saulius Baužinskas commented  ·   ·  Flag as inappropriate

    It is hard to believe security product does not have a rudimentary security feature like renaming default admin user. AND, this user is not even listed in general users list! We were ******* heads as to how to change this user after accidentally discovering it works.

    @Sophos, what status is this feature request in? Please update.

  • Cameron Slade commented  ·   ·  Flag as inappropriate

    I agree whole heartedly. On every device we manage, we always change default the admin account name. This is a must have.

  • Anonymous commented  ·   ·  Flag as inappropriate

    All of our equipment is configured with the same non "admin" user account.
    This is annoying that we can't make it the same as our other equipment.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Access to WebGUI and CLI using Telnet/SSH over WAN can be restricted to certain public IP addresses using WAN-Local firewall rule under the Source Networks and Services

  • lferrara commented  ·   ·  Flag as inappropriate

    I agree.
    Also user used to access CLI should be different than the one used from Web Admin.

XG Firewall: Base System + General UI

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.