April 6, 2021 Authentication Attack Against Firebox Web Management

WatchGuard has been made aware of an ongoing authentication attack against Firebox web management interfaces exposed to the internet. While we are still researching this incident, WatchGuard Firebox administrators should immediately make sure they follow the best practices listed below to mitigate the threat:

Configure your Firebox admin account with a strong password. We recommend at least 16 characters without dictionary words.

Do not expose Firebox web management (TCP/8080) to the internet via the Any-External source alias or similar.

If you require remote administrative access to the Firebox management interface, you should instead configure a mobile VPN and restrict administrative access to authenticated VPN users. If you cannot configure a mobile VPN, you can instead configure the Firebox Authentication Portal (TCP/4100) to restrict administrative access to “pre-authenticated” users as a form of mitigation.

Watchguard will update this KB article as their investigation continues.

Clarity is proud to be a WatchGuard Partner providing Network Security Services and Firewall Systems to the Americas for many years, including clients Worldwide offering our unified communications platform. Clarity Technologies Group, LLC surpasses expectations.

 

Call Clarity at 800-354-4160 today or email us at [email protected]. We are partnered internationally around the globe and we are open seven days a week 8:30 AM to 5:00 PM EST/EDT. http://45.33.92.219 and https://dotmantech.com.