By default, the FB2900 will allow access to the user interface from any machine, although obviously access to the user interface normally requires the correct login credentials to be provided. However, if you have no need for your FB2900 to be accessed from arbitrary machines, then you may wish to 'lock-down' access to the user interface to one or more client machines, thus removing an 'attack vector'.

Access can be restricted using allow and local-only controls as with any service. If this allows access, then a user can try and login. However, access can also be restricted on a per user basis to IP addresses and using profiles, which block the login even if the passord is correct.

Additionally, access to the HTTP server can be completely restricted (to all clients) under the control of a profile. This can be used, for example, to allow access only during certain time periods.

There are a number of security related headers with sensible defaults. These can be changed in the config. If you wish to remove a header simply make it an empty string to override the default.

The FireBrick provides a means to access the control pages using https rather than http.

You will need to install a key pair, and a certificate using the host name you have chosen as its common name. A proper signed certificate from a recognised CA will avoid any browser warnings when using https. The certificate generation / upload process is explained more in Section 12.1.4.

By default access is permitted using http and https, but you can lock down to http only, https only, or redirection from http to https. It is recommended that https is used for security reasons. FireBrick https works with all modern browsers (e.g. IE 10 and above, chrome, firefox, safari). It uses TLS1.2 only with TLS1.3 planned when appropriate.