Possibily to disable local admins and log in everywhere with Nebula account
Ally Member
Security idea: why is the local admin on firewalls still enabled after they are joined on Nebula?
Why not only allow to log in on Security appliances with Nebula account and maybelocal admin account as applied in site settings with password random generated per organization in Nebula?
I now always get warning to enable 2FA on my appliances, but if local admin would be disabled, it would be better.
Comments
-
To better discussing about this idea, please allow me to separate this to two part:
- Log in on Security appliances with Nebula account or site-wide admin with random password.
- Disable local admins.
Let me start part 2 first. If you are talking about H series (I think of course since USG FLEX/ATP series doesn't enable local admin when using Nebula mode), this is because H series not just allows to be configured on Nebula but also can be configured on local GUI. Since that, creating an admin account is available on local GUI. If you want to disable the default local admin account, you need to:
- Upgrade to V1.38.
- Create a new admin account.
- Access User & Authentication > User/Group > User > Local Administrator > edit admin.
- Disable it and save.
Additionally, if you select Nebula mode via start-up wizard, the local admin account will be applied in site settings with password random generated per site, which might match part 1 requirement.
Zyxel Melen0
Zyxel Employee
Categories
- All Categories
- 442 Beta Program
- 3K Nebula
- 226 Nebula Ideas
- 130 Nebula Status and Incidents
- 6.6K Security
- 641 USG FLEX H Series
- 357 Security Ideas
- 1.8K Switch
- 86 Switch Ideas
- 1.4K Wireless
- 54 Wireless Ideas
- 7K Consumer Product
- 303 Service & License
- 495 News and Release
- 93 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.8K FAQ
- 34 Documents
- 88 About Community
- 110 Security Highlight
