Hardening Guidelines
- Last Updated: May 5, 2026
This section explains the recommended steps to secure your Flowmon deployment and reduce the potential attack surface. Flowmon is delivered as an appliance that includes an operating system configured securely, reflecting a relevant subset of the CIS methodology. Each Flowmon release is tested for vulnerabilities. Following the recommendations outlined in this document will ensure that your Flowmon appliance is well secured.
Hardening guidelines
| Measure | Description | Where to configure |
|---|---|---|
| WebGUI default password | Change the password for the admin user. | Configuration Center > System > Users |
| SSH console default password | Change the password for the flowmon user. | Log in to Flowmon using SSH (for example, using PuTTY) and run the sysconfig command to launch the interactive configuration utility. |
| iDRAC default password | If your hardware-based Flowmon appliance is equipped with an iDRAC management interface, change the default user credentials. | Log in to the iDRAC management interface and change the login credentials. |
| Admin permissions | Do not create users with admin permissions unless it is necessary. Do not provide regular users access to the Configuration Center. | Configuration Center > System > Users |
| SNMP community string | The Flowmon appliance comes with preconfigured SNMPv2 with the community string "public". Change the community string. You can also switch to SNMPv3. | Configuration Center > System > System > SNMP |
| Identity management | You can connect Flowmon to LDAP to avoid standalone user accounts and provide central authentication. | Configuration Center > System > System > LDAP |
| SSL certificate | Flowmon comes with a self-signed certificate for secure access to the WebGUI. Replace the certificate with a trusted one that you generate using your certification authority. | Configuration Center > System > Security > Certificate Management |
| Limit remote access | You can configure “Access restriction settings” to limit access to the management interface to predefined subnets or IP addresses. | Configuration Center > Remote Access |
| Web security headers | You can control additional security headers for the web-based user interface. | Configuration Center > System > Security > Security Headers |
| FIPS (Federal Information Processing Standards) | You can enable FIPS mode to ensure that the system only uses cryptographic algorithms and modules that are compliant with this standard. | Configuration Center > System > Security > FIPS Settings |
| Regular updates | Enable regular update package downloads from services.flowmon.com. Enable notifications to inform administrators that a new package is available for installation. Keep your Flowmon up-to-date. | Configuration Center > Versions |
| Management VLANs | You can connect the Flowmon management interface to a dedicated management VLAN with restricted access. | Configured outside of the Flowmon system, depending on your environment. |
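
A check for the SNMP community string measure in the table above, added here as an example and not part of the Flowmon documentation or product: it sends one SNMPv2c GetRequest for sysDescr.0 and reports whether the agent still answers to a given community. The function names and the request id are assumptions of this example; only the Python standard library is used.

```python
import socket

# BER encoding of OID 1.3.6.1.2.1.1.1.0 (sysDescr.0), a standard MIB-2 object.
SYS_DESCR = bytes.fromhex("06082b06010201010100")

def tlv(tag, payload):
    """BER tag-length-value; short-form length, valid while payload < 128 bytes."""
    return bytes([tag, len(payload)]) + payload

def ber_int(value):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_get_request(community, request_id):
    """SNMPv2c GetRequest (PDU tag 0xA0) for sysDescr.0."""
    varbinds = tlv(0x30, tlv(0x30, SYS_DESCR + tlv(0x05, b"")))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); handles long-form lengths in replies."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def is_get_response(datagram, request_id):
    """True only for a GetResponse (PDU tag 0xA2) that echoes our request id."""
    try:
        tag, msg, _ = read_tlv(datagram, 0)
        _, _, pos = read_tlv(msg, 0)        # version
        _, _, pos = read_tlv(msg, pos)      # community
        pdu_tag, pdu, _ = read_tlv(msg, pos)
        _, rid, _ = read_tlv(pdu, 0)
    except IndexError:
        return False
    return tag == 0x30 and pdu_tag == 0xA2 and int.from_bytes(rid, "big") == request_id

def community_accepted(host, community, timeout=2.0, port=161):
    """Send one GetRequest; True means the agent still answers this community."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_get_request(community, 1234), (host, port))
            return is_get_response(sock.recvfrom(4096)[0], 1234)
        except OSError:                     # timeout or ICMP unreachable
            return False
```

After the community string is changed, `community_accepted(<appliance address>, "public")` should return `False`, while the same call with the new string returns `True` from an allowed management host. A `False` result can also come from access restrictions or a firewall dropping the probe, so run it from a host that is permitted to reach the management interface.
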
Root access
Progress Software does not provide root access to customers for Flowmon appliances. The root account is reserved as a service account for Progress Software to provide technical support and maintenance. Unauthorized modifications of the Flowmon appliance can negatively affect the functionality of the appliance and prevent future software updates. Only authorized support personnel can work with the appliance using root permissions. The root account is password protected, and remote SSH access is restricted. Customers have full control over who can access the root account.
It is possible to log into the root account using the following options:
- Directly as root through the local console (requires physical access to the Flowmon appliance or access to the hypervisor hosting the Flowmon appliance)
- Directly as root through the iDRAC server management console (requires access to the iDRAC management console that is under full customer control)
- Using the su utility from the Command Line Interface (CLI) through the local console, iDRAC server management console, or SSH console when the flowmon user is properly authenticated (access to the flowmon user is under full customer control)