Console (CLI) access
I notice that I can access the device console (CLI) only via ssh/ web admin page if I am logged in as user "admin" which is the default user ID. Following are my thoughts on XG access I think would be good when looking from a security angle.
1. It would be great if non-default user with Administrator profile would also be able to access the CLI(SSH). (It is always advisable to use non-default administrator IDs for device management.)
2. This one is connected to suggestion above. The new administrator should be able to disable the default Administrator user "admin".
This violates PCI-DSS and also runs counter to the view of NIST on the use of privileged accounts.