Ability to change default Admin username
Currently, the WebAdmin Master-User is fixed as "admin". It would be great if we had the possibility to change the username. This would be an improvement against brute-force attacks when the WebGUI is somehow published to the Internet.
This is being considered. The current intention is to add a superadmin role, making the default admin account just a member of that role.
This will allow you to create new superadmin accounts, capable of logging into the shell, adding ssh keys, and any other features limited currently to the named admin account.
Second, you will be able to disable or demote the named admin account.
Is this slated to be an option in the near future? Seems a bit odd that it is unable to be changed.
I can't think of a single piece of hardware/software that we use that doesn't allow us to rename or delete the default account. Sophos does understand that it is a basic security practice to do this? You lose credibility as a security provider when you don't allow basic security practice in your own products.
Matt Healey commented
Great, so exactly what UTM has had for a decade...
Please implement this as soon as possible. It's part of our security audit. We may have to look elsewhere if we're not able to do this soon.
I strongly support the implementation of all of these features. As it's been 2 years now, it would be great to get an update as to where this is on the roadmap.
Parham Pour Khosravy commented
2FA for admin too please, a next-gen firewall needs 2FA, guys 😉
Not being able to change the default user name is arguably a violation of PCI-DSS.
Saulius Baužinskas commented
It is hard to believe a security product does not have a rudimentary security feature like renaming the default admin user. AND, this user is not even listed in the general users list! We were ******* heads as to how to change this user after accidentally discovering it works.
@Sophos, what status is this feature request in? Please update.
Enable the ability to rename the admin user
Cameron Slade commented
I agree wholeheartedly. On every device we manage, we always change the default admin account name. This is a must have.
Martin Damgaard commented
And, also the possibility to add more admin users. AND log who has changed what setting!
All of our equipment is configured with the same non-"admin" user account.
This is annoying that we can't make it the same as our other equipment.
Access to the WebGUI and CLI using Telnet/SSH over WAN can be restricted to certain public IP addresses using a WAN-Local firewall rule under the Source Networks and Services.
Also, the user used to access the CLI should be different from the one used for Web Admin.