{"id":167656,"date":"2025-02-24T21:18:07","date_gmt":"2025-02-24T20:18:07","guid":{"rendered":"https:\/\/www.avanet.com\/kb\/sophos-firewall-set-up-support-access-for-avanet\/"},"modified":"2025-02-24T21:19:06","modified_gmt":"2025-02-24T20:19:06","slug":"sophos-firewall-set-up-support-access-for-avanet","status":"publish","type":"kb","link":"https:\/\/www.avanet.com\/en\/kb\/sophos-firewall-set-up-support-access-for-avanet\/","title":{"rendered":"Sophos Firewall &#8211; Set up support access for Avanet"},"content":{"rendered":"\n<p>In this knowledge base article, you will learn step by step how to set up support access for Avanet on your Sophos Firewall. To do this, you create a new user, allow access via HTTPS and SSH (only from the Avanet IP or DNS host) and add a public SSH key if required. <\/p>\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Topics<\/h2><nav><ul><li class=\"\"><a href=\"#dd\">Add user &#8220;avanet<\/a><\/li><li class=\"\"><a href=\"#fqdn-host-fur-support-avanet-com-anlegen\">Create FQDN host for support.avanet.com<\/a><\/li><li class=\"\"><a href=\"#3-local-service-acl-exception-rule-einrichten\">Set up Local Service ACL Exception Rule<\/a><\/li><li class=\"\"><a href=\"#public-ssh-key-hinzufugen-optional\">Add public SSH key (optional)<\/a><\/li><li class=\"\"><a href=\"#faq\">FAQ<\/a><ul><li class=\"\"><a href=\"#faq-question-1740426934138\">What happens if the IP address behind support.avanet.com changes?<\/a><\/li><li class=\"\"><a href=\"#faq-question-1740426962040\">Do I have to open other ports apart from HTTPS (443) and SSH (22)?<\/a><\/li><\/ul><\/li><li class=\"\"><a href=\"#ssh-key\">Add SSH key<\/a><\/li><\/ul><\/nav><\/div>\n\n<h2 class=\"wp-block-heading\" id=\"dd\"><strong>Add user &#8220;avanet<\/strong><\/h2>\n\n<p>1. <strong>open the &#8220;Authentication&#8221; menu<\/strong><\/p>\n\n<p>Click on <strong>Authentication<\/strong> in the left navigation and then on <strong>Users<\/strong>.<\/p>\n\n<p>2. <strong>create new user<\/strong><\/p>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-9d4d161\" data-block-id=\"9d4d161\"><style>.stk-9d4d161 .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167651\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-admin-user-scaled.jpg\" width=\"2560\" height=\"1920\" alt=\"Sophos Firewall - Add users with administrator authorizations\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-admin-user-scaled.jpg 2560w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-admin-user-300x225.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-admin-user-1024x768.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-admin-user-768x576.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-admin-user-1536x1152.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-admin-user-2048x1536.jpg 2048w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-admin-user-600x450.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-admin-user-64x48.jpg 64w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">Sophos Firewall &#8211; Benutzer mit Administratoren Berechtigungen hinzuf\u00fcgen<\/figcaption><\/figure><\/div>\n\n<ul class=\"wp-block-list\">\n<li>Click on <strong>Add<\/strong>.<\/li>\n\n\n\n<li>For example, enter avanet under <strong>Username<\/strong>.<\/li>\n\n\n\n<li>Enter Avanet for <strong>Full name<\/strong>.<\/li>\n\n\n\n<li>Set <strong>profiles<\/strong> to <strong>Administrator<\/strong> so that Avanet has full rights.<\/li>\n\n\n\n<li>Set a secure password under <strong>Password<\/strong>.<\/li>\n\n\n\n<li>Enter an address such as service@avanet.com under <strong>Email<\/strong>.<\/li>\n<\/ul>\n\n<p>3. <strong>save<\/strong><\/p>\n\n<p>Click on <strong>Save<\/strong> or <strong>Add<\/strong> to create the new user.<\/p>\n\n<h2 class=\"wp-block-heading\" id=\"fqdn-host-fur-support-avanet-com-anlegen\">Create FQDN host for support.avanet.com<\/h2>\n\n<p>1. <strong>switch to the &#8220;Hosts and services&#8221; menu<\/strong><\/p>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-12a26c1\" data-block-id=\"12a26c1\"><style>.stk-12a26c1 .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167646\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host.jpg\" width=\"1661\" height=\"1246\" alt=\"Sophos Firewall - Add FQDN host as source\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host.jpg 1661w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-300x225.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-1024x768.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-768x576.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-1536x1152.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-600x450.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-64x48.jpg 64w\" sizes=\"auto, (max-width: 1661px) 100vw, 1661px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">Sophos Firewall &#8211; FQDN Host als Source hinzuf\u00fcgen<\/figcaption><\/figure><\/div>\n\n<ul class=\"wp-block-list\">\n<li>Click on <strong>Hosts and services<\/strong> on the left.<\/li>\n\n\n\n<li>Select <strong>FQDN hosts<\/strong>.<\/li>\n<\/ul>\n\n<p>2. <strong>add FQDN host<\/strong><\/p>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-d8c6e5f\" data-block-id=\"d8c6e5f\"><style>.stk-d8c6e5f .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167641\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-avanet-support.jpg\" width=\"1639\" height=\"1229\" alt=\"Sophos Firewall - Add FQDN host\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-avanet-support.jpg 1639w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-avanet-support-300x225.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-avanet-support-1024x768.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-avanet-support-768x576.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-avanet-support-1536x1152.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-avanet-support-600x450.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-fqdn-host-avanet-support-64x48.jpg 64w\" sizes=\"auto, (max-width: 1639px) 100vw, 1639px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">Sophos Firewall &#8211; FQDN Host hinzuf\u00fcgen<\/figcaption><\/figure><\/div>\n\n<ul class=\"wp-block-list\">\n<li>Click on <strong>Add<\/strong>.<\/li>\n\n\n\n<li>Enter a unique name under <strong>Name<\/strong>, e.g. support.avanet.com.<\/li>\n\n\n\n<li>Under <strong>FQDN<\/strong> enter support.avanet.com.<\/li>\n\n\n\n<li>Add a <strong>description<\/strong>, e.g. &#8220;Avanet support access&#8221;.<\/li>\n\n\n\n<li>Click on <strong>Save<\/strong>.<\/li>\n<\/ul>\n\n<p>This creates a DNS object that points to the IP address(es) of support.avanet.com.<\/p>\n\n<h2 class=\"wp-block-heading\" id=\"3-local-service-acl-exception-rule-einrichten\">Set up Local Service ACL Exception Rule<\/h2>\n\n<p>1. <strong>administration \u2192 Device access<\/strong><\/p>\n\n<p>Click on <strong>Administration<\/strong> in the left-hand navigation and then on <strong>Device access<\/strong>.<\/p>\n\n<p>2. <strong>add ACL exception rule<\/strong><\/p>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-cf627a7\" data-block-id=\"cf627a7\"><style>.stk-cf627a7 .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167626\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-device-access-permissions-scaled.jpg\" width=\"2560\" height=\"1920\" alt=\"Sophos Firewall - Device access authorizations\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-device-access-permissions-scaled.jpg 2560w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-device-access-permissions-300x225.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-device-access-permissions-1024x768.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-device-access-permissions-768x576.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-device-access-permissions-1536x1152.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-device-access-permissions-2048x1536.jpg 2048w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-device-access-permissions-600x450.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-device-access-permissions-64x48.jpg 64w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">Sophos Firewall &#8211; Device Access Berechtigungen<\/figcaption><\/figure><\/div>\n\n<ul class=\"wp-block-list\">\n<li>Scroll to <strong>Local service ACL exception rule<\/strong> and click on <strong>Add<\/strong>.<\/li>\n\n\n\n<li>Enter a title under <strong>Rule name<\/strong>, e.g. <strong>Avanet Support<\/strong>.<\/li>\n\n\n\n<li><strong>Rule position<\/strong>: Make sure that it fits in your order (e.g. &#8220;Bottom&#8221; so that other rules are not overwritten).<\/li>\n<\/ul>\n\n<p>3. <strong>carry out configuration<\/strong><\/p>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-11791d4\" data-block-id=\"11791d4\"><style>.stk-11791d4 .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167636\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-local-service-acl-avanet-support-scaled.jpg\" width=\"2560\" height=\"1920\" alt=\"Sophos Firewall - Add local service ACL rules\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-local-service-acl-avanet-support-scaled.jpg 2560w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-local-service-acl-avanet-support-300x225.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-local-service-acl-avanet-support-1024x768.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-local-service-acl-avanet-support-768x576.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-local-service-acl-avanet-support-1536x1152.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-local-service-acl-avanet-support-2048x1536.jpg 2048w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-local-service-acl-avanet-support-600x450.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-local-service-acl-avanet-support-64x48.jpg 64w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">Sophos Firewall &#8211; Local Service ACL Regeln hinzuf\u00fcgen<\/figcaption><\/figure><\/div>\n\n<ul class=\"wp-block-list\">\n<li><strong>IP version<\/strong>: Select <strong>IPv4<\/strong> (or IPv6 if you need it).<\/li>\n\n\n\n<li><strong>Source zone<\/strong>: Make sure you select the correct zone (e.g. Any or a specific zone).<\/li>\n\n\n\n<li><strong>Source Network \/ Host<\/strong>: Select the FQDN object just created <strong>support.avanet.com<\/strong>.<\/li>\n\n\n\n<li><strong>Destination host<\/strong>: Any or specifically the firewall (depending on your configuration).<\/li>\n\n\n\n<li><strong>Services<\/strong>: Mark <strong>HTTPS<\/strong> and <strong>SSH<\/strong> so that Avanet can access the admin interface (HTTPS) and via SSH.<\/li>\n\n\n\n<li><strong>Action<\/strong>: Set to <strong>Accept<\/strong> to allow access.<\/li>\n<\/ul>\n\n<p>4. <strong>save<\/strong><\/p>\n\n<p>Click on <strong>Save<\/strong> to create the new exception rule.<\/p>\n\n<p>This allows Avanet to access the firewall administration exclusively via the DNS host support.avanet.com.<\/p>\n\n<h2 class=\"wp-block-heading\" id=\"public-ssh-key-hinzufugen-optional\">Add public SSH key (optional)<\/h2>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-238997a\" data-block-id=\"238997a\"><style>.stk-238997a .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-167631\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-ssh-public-key-scaled.jpg\" width=\"2560\" height=\"1920\" alt=\"Sophos Firewall - Add SSH Public Key\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-ssh-public-key-scaled.jpg 2560w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-ssh-public-key-300x225.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-ssh-public-key-1024x768.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-ssh-public-key-768x576.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-ssh-public-key-1536x1152.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-ssh-public-key-2048x1536.jpg 2048w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-ssh-public-key-600x450.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-support-access-add-ssh-public-key-64x48.jpg 64w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">Sophos Firewall &#8211; SSH Public Key hinzuf\u00fcgen<\/figcaption><\/figure><\/div>\n\n<p>If Avanet requires SSH key-based access, you can store the public key either for the <strong>default admin<\/strong> or for the new user &#8220;avanet&#8221;:<\/p>\n\n<p>1. <strong>administration \u2192 Device access<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li>Click on <strong>Administration<\/strong> and then on <strong>Device access<\/strong>.<\/li>\n<\/ul>\n\n<p>2. <strong>public key authentication<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li>Scroll to <strong>Public key authentication for admin<\/strong> (or for the user &#8220;avanet&#8221;, if available).<\/li>\n\n\n\n<li>Click on the <strong>+ symbol<\/strong> or <strong>Add<\/strong> to insert the public key.<\/li>\n\n\n\n<li>Enter the supplied SSH public key (e.g. ssh-rsa AAAAB3NzaC1yc2EAAA&#8230;) in the field.<\/li>\n<\/ul>\n\n<pre class=\"wp-block-code\"><code>ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyVlHzNIcVvEcEaxcgCj3RjNcJpzXFbjkT0S9e\/Mi3LEVXKBUlG6MkL0zuxamcSjmEyNWeHJ\/K9uuDwch6nozuQloucOMRIe3IulRrE3kDvUre3\/WDdMC5j0\/ceGv6ZtkDLI1zyDu4h\/mBLemM3TKaq2P232TuL7RQ9LGm4HNutKP+ShAS+aiIEmGd\/oWaMUK9bHFe4LNcekCgCs854gDtMANG12S8bgZEo+aLs8inVE\/nolagyuZkQHM+fCWg2Efe2XOJrqkhu1BtwFrdlK+hehb5e9hxX7fzWn858kNn6Z5FKiK47X6NlxT8CsYH0dV41YOtQuHhwNCla\/IRVEbFEwDoNEZMklaKCt9snFeles2Uy7oyaMXdJkkChDHlpcicph\/cqC3g\/Ik4Xh9QYDTgCgYjxPBUsBRDmalRcHhm8r3aJG+PHm51N5sCsU5BBkMmOeqGnC42QtF7kFl6lcqcbqJlNZnKgGTRTQhp4lG0NCx1s5riWyZRWq751cEoWPew14fNPcs24eUevCy6+TBzDmFx7s8Utd0ZtDgu7kA7SkNHwzysAmBEtDzS90ExAaRRrQcOAPh485y5L0X0jQ0VbM1ehyS8QZQEmWw9G1qdHftRdYkiyn4fZdRC4sW9SX\/IONNFxKbdOo0DKfz\/EhHR1\/uhFVU6jTXl551lHVmW+w==<\/code><\/pre>\n\n<p>3. <strong>save<\/strong><\/p>\n\n<p>Click on <strong>Save<\/strong>.<\/p>\n\n<p>Avanet can then authenticate itself using an SSH key, provided the firewall settings allow SSH access.<\/p>\n\n<h2 class=\"wp-block-heading\" id=\"faq\">FAQ<\/h2>\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1740426934138\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">What happens if the IP address behind support.avanet.com changes?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>The firewall uses the FQDN entry (DNS) to determine the IP. If the IP changes, the firewall automatically accesses the new IP after a brief DNS update. Make sure that the DNS entry is configured correctly.  <\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1740426962040\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">Do I have to open other ports apart from HTTPS (443) and SSH (22)?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Usually not for support access. If Avanet requires additional services, you may have to release additional ports or create corresponding ACL exceptions. Unless the Sophos Firewall is behind a NAT router.  <\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"wp-block-heading\" id=\"ssh-key\">Add SSH key<\/h2>\n\n<p><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"template":"","format":"standard","kb_kategorie":[382],"class_list":["post-167656","kb","type-kb","status-publish","format-standard","hentry","kb_kategorie-sophos-firewall"],"blocksy_meta":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb\/167656","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media?parent=167656"}],"wp:term":[{"taxonomy":"kb_kategorie","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb_kategorie?post=167656"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}