Don’t make it available from internet. This will solve the issue.

If it is not possible, once the cve is published and properly described, perhaps there is another way to secure it via an external proxy or even a waf.

If you have unsupported Sw, it is always a pain in the ass to keep them secure so try to figure out always the first point

Can someone be so kind to explain me what I am seeing?

Because it seems like I am not celvee enough to get it

The answer is mTLS.

But you will run into the key distribution problem. But if your number of devices is manageable, it could be the solution

This thing reduces the attack surface of the inmich installation.

If it is good, or bad or fitting to your security model can only be said by you. But honestly it sounds like a sensible thing to do

OK, thanks for the feedback. Perhaps I am doing something terrible wrong with it.

I will recheck the system again.

Thanks

Would you mind to elaborate a bit more about your experience witht he sophos?

I got a reused xgs115 a few months ago and I found the experience not so pleasant. The device lags a lot with the web page interface, the learning curve is steep in my opinion and I have problems to setup some services in a reliable way (they tends to hangs up, but this is perhaps my own problem)

Do you know by chance if they are able to have the Ds-lite tunnel for an ipv6 to ipv4 working?

How the average quality from those IKEA plugs?

In my experience Ikea quality in electronics range from ok to a big ball of crap without any apparent way to distinguish in which side they are.

Thank for the suggestions, I will take a look because it is true that I focused myself on the link manager but perhaps a link sync tool could do the job.

Thanks again

I didn’t know floccus, I will take a look.

Thanks for the suggestion

Thanks for the suggestion, but as far as I know there is not any plugin for the browser available, right?