Bump sorry - anyone know?

remote management is not a standard feature of a consumer grade router

I'd have to double check, pretty sure we disable turning this functionality off though (I'm not running the public version due to firmware testing)

Regardless, It's not really a great practice, I'd recommend having a VPN and connecting in that way.. 

wratterus:

 

Is it possible to setup remote access (from WAN side) into the new Spark Smart Modems and lock it down to one IP? I've not got one to play with to see if it can be done. Thanks!

 

Yes it is possible :)

halper86:

 

Yes it is possible :)

 

 

Make sure you untick "any ip address can remotely manage the smart modem" otherwise you have a death wish - is the external remote management https or http? I sure as hell hope its https

Personally, all our clients UTMs that we remote manage are via SSH only with private keys, non standard ports, and very limited IP addresses that are allowed

nztim:

 

Personally, all our clients UTMs that we remote manage are via SSH only with private keys, non standard ports, and very limited IP addresses that are allowed

 

nonstandard ports always amuse me. 

Sure they stop a port knocker, but anyone looking for it will still find a SSH Daemon sitting on a nonstandard port.... 

hio77:

 

nztim:

 

Personally, all our clients UTMs that we remote manage are via SSH only with private keys, non standard ports, and very limited IP addresses that are allowed

 

 

nonstandard ports always amuse me. 

 

Sure they stop a port knocker, but anyone looking for it will still find a SSH Daemon sitting on a nonstandard port.... 

 

you still need to be coming from an allowed source IP address - the key thing is the private key set for each of our admins

Thanks guys. Yes I know it's not best practice and maybe not normal for consumer grade routers, but a Netcomm NF18ACV for example allows this and it can be locked down to one IP, so it's not an awful option as a temporary stop gap measure. 

Thanks again.