set admin-access

Description

Configures various parameters for administrator access to the device via web/SSH.

Syntax

set admin-access [ interfaces { Wireless access <access> | VPN access <access> | LAN access <access> | any access { allow | block } | WAN access <access> } ] [ web-access-port <web-access-port> ] [ ssh-access-port <ssh-access-port> ] [ support-weak-tls-version <support-weak-tls-version> ] [ allowed-ipv4-addresses <allowed-ipv4-addresses> ]

Parameters

Parameter

Description

access

Enable administrator access from the Internet (clear traffic from external interfaces)

Type: Boolean (true/false)

allowed-ipv4- addresses

Administrator access permissions policy for source IP addresses

Options: any, from-ip-list, any-except-internet

ssh-access-port

SSH Port

Type: Port number

support-weak-tls- version

For security reasons, it is highly recommended never to change this parameter's value. Support of TLSv1.0 will be added back to the administration portal to allow connectivity with old browsers (usually ones released prior to 2014). Changing the default of this parameter exposes the administration portal to at- tacks that use vulnerabilities like Heartbleed (CVE-2014-0160).

Type: Boolean (true/false)

web-access-port

Web Port (HTTPS)

Type: Port number

Example

set admin-access interfaces Wireless access true web-access-port 8080 ssh-access-port 8080 support-weak-tls-version true allowed-ipv4-addresses any