The Configure Services page in the web interface allows you to control access to management services. Changing the interfaces and ports that services are available on can increase the security of accessing your Ecessa device.
Setting Service Ports
The most common setting to change is what port each service is available on.
HTTP = port 80
HTTPS = port 443
SSH = port 22
Telnet = port 23
For security purposes we recommend changing these to use other ports. Any port can be utilized for each service, however, Ecessa recommends the following:
HTTP = port 8080
HTTPS = port 8081
SSH = port 2322
Telnet = port 2323
When using a non-standard port and you wish to access the web interface, you must enter the port in the address bar. If using port 8081 for HTTPS the address would be entered in your browser as https://192.168.1.50:8081.
Allowing Service Access
It is possible to configure the types of networks that services can be accessed from and also disable them also. The available settings are LAN, WAN, or LAN & WAN. Because HTTP and Telnet are not encrypted it is recommended that these services are disabled on the device, or only permitted through LAN connections. HTTPS and SSH are secure connections that can safely be used from both WAN and LAN connections.
By default, enabled management services are available on each configured WAN using the IP address of the interface. The Service WANs options allow you to change the IP address to an alternate IP address instead of what is used for the interface.
Management Access Lists
Management Access Lists, if enabled restrict access to management services to only defined sources. Source addresses can be entered as single IP addresses, networks in Classless Inter-Domain Routing (CIDR) notation, or fully qualified domain names. If enabling Management Access Lists it is recommended that you allow access by Ecessa Support by adding an entry for ts.support.ecessa.com.