Skip to content

Edit guest user

When you add (register) guest users, you can specify the policies, remote access, and other settings. After authentication, the guest user is granted access according to the selected policies or redirected to the captive portal.

  1. Go to Authentication > Guest users and click edit Edit button. for the user.
  2. (Optional) Change the name.
  3. (Optional) Change the password.
  4. Specify a mobile phone number.
  5. (Optional) Change the email address.
  6. Select the policies.

    Note

    User policies take precedence over group policies.

    Option Description
    Group Group to which you want to add the user. If you don't specify policies for the user, the group's policies apply.
    Surfing quota Allows access based on a defined period and type. This policy can include a cycle type, hours, validity, and maximum hours.
    Access time Allows or denies access based on a defined recurring period.
    Network traffic Allows access based on bandwidth usage.
    Traffic shaping Allows access based on QoS traffic shaping policy. This policy can include a policy association, priority, and specific limits for uploading and downloading.
  7. Select the remote access policies.

    Option Description
    SSL VPN policy Allows access to SSL VPN using clients, such as the Sophos Connect client.
    Clientless SSL VPN policy Allows access to users using only a browser as a client. This policy can include bookmarks or resources that clientless users can access.
    IPsec remote access

    Allows access to IPsec VPN connections through the Sophos Connect client.

    Optionally, specify an IP address to be leased to the user for Sophos Connect access.

    L2TP

    Allows access through L2TP connections.

    Optionally, specify an IP address to be leased to the user for L2TP access.

    PPTP

    Allows access through PPTP connections.

    Optionally, specify an IP address to be leased to the user for PPTP access.

  8. Specify the other settings.

    Option Description
    Quarantine digest Sends the list of emails held in the quarantine area as a digest to the user's inbox.
    MAC binding Requires users to sign in through specified devices.
    MAC address list

    Enter the MAC addresses if you turn on MAC binding.

    The firewall doesn't bind remote access VPN users with MAC addresses.

    Simultaneous sign-ins Number of concurrent sessions that will be allowed for the user. Use the value specified in the global settings or specify a value.
    Sign-in restriction

    Allows access from the specified nodes.

    • Any node: The user can sign in from any node in the network.
    • User group nodes: Sign-in restriction of the user's group applies.
    • Selected nodes: The user can only sign in from selected nodes.
    • Node range: The user can sign in from any IP address within the specified IP range.
  9. Click Save.

More resources