Have you reviewed the hardening guide here.
Note: That Eyeglass OS security patches are configured in yast (ssh as admin type sudo -s enter admin password, then type yast) to auto apply security updates. This requires Internet access port 443 to the Internet from the appliance. Os patches are not supplied any other way and requires customer to setup director or proxy access to Opensuse repositories for patches. Support will require Internet access for patches and no alternate distribution of OS patches is supported.