The first time the web user interface is accessed, a setup wizard is launched. This guided process can assist you in establishing a secure initial configuration for the firewall and ensures that the unit is ready for deployment in a production environment.
Note
For optimal security and to ensure a controlled configuration environment, it is strongly recommended that you complete the setup wizard before connecting the device to the internet.
On the first page of the setup wizard, you can click :guilabel:`Start setup` to initiate the guided setup process. Alternatively, you can click :guilabel:`Skip wizard` to bypass the wizard and access the web user interface directly. However, it is highly recommended to complete the setup wizard to ensure a secure and functional configuration.
You are required to define a new, secure password for the root account. This measure significantly reduces the risk of compromise by eliminating reliance on publicly known default credentials.
Note
- The updated root password will be applied immediately upon confirmation.
- Ensure the new credentials are securely stored (e.g., by using a password manager) before proceeding to the next configuration step.
- If you restart the setup wizard after changing the root password (e.g., by closing and reopening the browser tab), you will need to use the new password to access the web interface.
You can customize SSH access to suit your security and operational requirements.
- LAN Access is enabled by default to allow administrative access from within the trusted local network.
- WAN Access is disabled by default to prevent exposure to external threats from untrusted networks.
- TCP port: the listening port for SSH can be changed if needed. The default value is 22.
- Root login with password: it is advised to disable password-based root login for SSH. Disabling this option significantly reduces the risk of unauthorized access by limiting the potential for brute-force password attacks.
Note
If password-based login for the root user is disabled, it is essential to upload the root user's SSH public key to the device to ensure continued remote access.
Configure access parameters for the web user interface, which operates on port 9090.
By default, web interface access is enabled from the LAN, allowing administrative management from within the trusted local network.
You can choose from the following access options for WAN connectivity:
- Disabled (recommended): this option disables web interface access from the WAN, preventing exposure to external threats.
- Enabled: full access to the web interface is permitted from any WAN source. This mode should only be used in secure environments or when necessary for remote management, and must be protected with strong credentials.
- Limited: web interface access from WAN is restricted to specified IP addresses or networks. You have to define one or more of the following:

  - IP address
  - CIDR-formatted networks (e.g., 192.168.1.0/24)
  - IP address ranges (e.g., 203.0.113.10-203.0.113.20)

If you choose the Limited option, the IP addresses you configured will appear at the end of the wizard under Firewall > Rules > Input rules.
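
Before entering a Limited allowlist, it can help to check what each entry actually covers. The following is an added example, not code from the firewall or its project: it parses the three entry formats listed above, flags entries that are malformed or so broad that they amount to the Enabled mode, and tests whether a source address would match. The function names, the `max_addresses` review threshold and the sample entries are assumptions made for illustration, and the device's own input validation may differ.

```python
import ipaddress

def parse_entry(entry):
    """Expand one allowlist entry (IP, CIDR or start-end range) into networks."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"invalid range {entry!r}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects a CIDR with host bits set, e.g. 192.168.1.5/24
    return [ipaddress.ip_network(entry, strict=True)]

def audit_allowlist(entries, max_addresses=256):
    """Return (accepted_networks, warnings) for a list of entries.

    max_addresses is an assumed review threshold, not a product limit.
    """
    accepted, warnings = [], []
    for entry in entries:
        try:
            nets = parse_entry(entry)
        except ValueError as exc:
            warnings.append(f"{entry}: rejected ({exc})")
            continue
        size = sum(n.num_addresses for n in nets)
        if any(n.prefixlen == 0 for n in nets):
            warnings.append(f"{entry}: matches every source, equivalent to Enabled")
        elif size > max_addresses:
            warnings.append(f"{entry}: covers {size} addresses, review scope")
        accepted.extend(nets)
    return accepted, warnings

def is_allowed(source_ip, networks):
    """True if source_ip falls inside any accepted network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr.version == n.version and addr in n for n in networks)

# Constructed sample entries; the first three use the formats listed above.
SAMPLE = ["198.51.100.7", "192.168.1.0/24", "203.0.113.10-203.0.113.20",
          "192.168.1.5/24", "203.0.113.20-203.0.113.10", "0.0.0.0/0"]

if __name__ == "__main__":
    nets, notes = audit_allowlist(SAMPLE)
    print(*notes, sep="\n")
    print(is_allowed("203.0.113.15", nets))
```
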
Set up access controls for the web interface and WAN connections on port 443.
- Web interface service on TCP port 443: by default, the web user interface is available on TCP port 9090. Enabling this option also makes it accessible on TCP port 443. It is recommended to keep this additional access disabled and always use TCP port 9090 to access the web UI.
- WAN access on TCP port 443: this option controls whether WAN access on port 443 is disabled (recommended) or enabled. Be aware that reverse proxies will not function while this option is disabled.
The summary page provides an opportunity to review the unit configuration before applying changes.
Note
WAN access to the web interface may be restricted by your current settings. Applying the changes while connected via port 443 could result in loss of access. Verify your configuration meets your remote access needs, particularly when using reverse proxies.
Use the 'Previous' button to go back and make adjustments if needed. Click 'Finish setup' to apply the changes and complete the setup wizard.