SSH with Pepwave Max

I wanted to clarify whether or not Portforwarding on the MAX BR1 ENT would allow a device to access it remotely as well as the IP address of any device connected to it. Furthermore, if so are there any security factors to consider?

Yes, SSH protocol connectivity to the Peplink device itself or to devices behind it could be setup.

To access the device itself is not port forwarding but is configurable on the System/Admin-Security webpage.

As with absolutely everything that involves connecting something to the internet there are security factors to consider.

  • In a perfect world the things which you expose to the internet would not have basic username/password or static SSH key - but would instead be some more advanced SSO + MFA (such as Okta).
  • If static credentials are required limit the number of people who have admin credentials to only trusted people and ensure that their credentials are protected at-rest, dont keep them clear text somewhere easily exposed. As a best practice you should rotate these credentials often.
  • Limit the inbound access to only known IP addresses. While IP-based security isnt perfect, its better than leaving access open to the whole world.
  • Patch regularly anything exposed to the internet
1 Like