Shopping Cart

No products in the cart.

Setting up Avanet support access to Sophos Firewall

To ensure that Avanet support can securely access your Sophos Firewall and help you quickly and effectively if necessary, a few precautions are necessary. These steps ensure that only authorized Avanet employees have access and at the same time increase the security of your firewall.

1. create user account

To create a new user account for Avanet Support, proceed as follows:

Sophos Firewall - Add a new user
Sophos Firewall – Neuen Benutzer hinzufügen
Sophos Firewall - Enter data for new users
Sophos Firewall – Benutzerdaten erfassen
  • Register at Sophos Firewall.
  • Navigate to Configure → Authentication → Users.
  • Click on Add to create a new user.
  • Enter the following data:
    • Username: avanet
    • Name: Avanet
    • User type: Administrator
    • Profiles: Administrator
    • Enter a secure password in the Password field (an Avanet technician will change this password the first time you log in anyway).
    • Email: noreply@avanet.local
  • Click on Save to create the user.

2. create FQDN host for IP restriction

To ensure that only Avanet employees have access to your firewall, an FQDN host is created that only allows Avanet IP addresses:

Sophos Firewall - Add FQDN host
Sophos Firewall – FQDN hinzufügen
Sophos Firewall - Add FQDN Host support.avanet.com
Sophos Firewall – Avanet Support IPs hinzufügen
  • Navigate to System → Hosts and services → FQDN host.
  • Click on Add.
  • Enter the following information:
    • Name: support.avanet.com
    • FQDN: support.avanet.com
  • Click on Save to create the FQDN host.

3. create ACL rule for access

This ACL rule ensures that only Avanet has access to the relevant services on your firewall:

  • Navigate to System → Administration → Device access.
  • Click on Add to add a new rule.
  • Enter the following values:
    • Rule name: Avanet-Support
    • Rule position: Bottom
    • IP version: IPv4
    • Source zone: Any
    • Source Network / Host: support.avanet.com (the previously created FQDN host)
    • Destination host: Any
    • Services: HTTPS, Ping/Ping6, SSH
    • Action: Accept
  • Confirm with Save to create the rule.

4. store SSH public key for secure access

Sophos Firewall - Store public key for SSH access
Sophos Firewall – Public Key hinzufügen

SSH access via public key additionally increases security by ensuring that only authorized persons have access to the firewall. To store the Avanet public key, proceed as follows:

  • Navigate to System → Administration → Device access.
  • Scroll down to the Public key authentication for admin section.
  • Activate the Enable authentication option.
  • Click on the plus (+) symbol in the Authorized keys field.
  • Copy and paste the public key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCktco/uC29KdU+Hf7GjcYXFumGJvt11MPxhdpnYA2XVEbnsI9r/XrW9J9K2ugvVGNoOD4IlN/bWZ1z3W6UqFKGgHUYkQu2h+0PFzP5I12Pu9I/3qIWwOhdA2j523FzneGQFptNCHHLQwma/zYJJwcVqsiJo/mg6W8jUbS30jFP6zDJvGRzbA2ATC7XzGNfa/CYr/AKoqdvm87RThOT7uh86w39x9VQTZH7d217K2UVuUrSppvnRaw5NCwukamWDDs8EtsVIFNkkxMl/SdJTC1SOSfO6mw8erXm1RhmNT5+wN/87f+DQioQPuWSrC3EHkgqw9BjoU3aLtYUw9AAItf6jJeUnZBfBCeJ1fJAzYpR8STdbaI8RXP1QMOr4omtmCakfnEH8kZ1BAYXxVzrJBXQ+sDVLZtWNDPqg8jIpdJ6bRNk/m7B+LAwsofHVLH1VSxoOEYdJGQvPfwonqo2JR+vosYhoHG89eh5EL/X9z5amvfVCShf6icstYwmaUmT/9lUTd8tkJZeTxNoezyspHhMryfB93653vb6wPS/n0ITkfu6rSfSrE1A1Y1dD5QtsFF6oEZxPqo8qQajtGhI3vZdHZSx53PqFqInra75xFHc+EjEsoLjt2wQdHr+ttEKvfrjfQmyXaWzqqE6bxmbbcMPtqY+pzMf83nEGwepJka0uw==
  • Confirm with Apply.

After these steps, the setup is complete. Avanet Support now has secure and restricted access to your Sophos Firewall and can provide efficient assistance if required. Let the support team know your public IP for access.