Howdy,
I'm working with a client who has their network managed by another company. This company has setup a pfSense firewall at my client's location. I recently found that the login page for the pfSense firewall is accessible from the internet, or at least it looks like the firewall config page, says pfSense at the top, "SIGN IN", blue background, asks for a username and password with a green sign in button...
It's always been my understanding to never allow unrestricted internet access to your router/firewall configuration... But I've never used pfSense before so I don't know if it's an exception - what's the risk? I assume pfSense has a fail2ban list and some security measures to prevent bruteforce. It still seems very odd to me. Most likely one of their tech's made a mistake and accidentally made it accessible or forgot to change it...