Modify the admin port settings and sign-in parameters. Customize the sign-in parameters to restrict local and remote user access based on time duration.
Enter the host details of your Sophos Firewall.
Hostname: Enter a name in the form of a fully qualified domain name (FQDN).
Acceptable range: 0 to 256 characters.
When you sign in to the web admin console, the browser tab shows this hostname. If you've signed in to multiple firewalls in the same browser window, you can identify a firewall by the hostname shown in the browser tab.
When the device is deployed for the first time, the serial ID of the device is saved as the hostname.
Description: Enter a description.
Admin console and end-user interaction
Configure port and certificate settings for the web admin console and the user portal.
Admin console HTTPS port: HTTPS port configured in Sophos Firewall.
User portal HTTPS port: Port number where users can access the user portal.
User portal port: 3311
User portal link for IP address (
User portal link for hostname (
If you manually change the default ports, we strongly recommend using a unique port for each service. This ensures that services aren't exposed to the WAN zone when you haven't configured WAN access for them.
For example, if you use port 443 for both user portal and SSL VPN, the user portal will be accessible from the WAN zone.
Certificate: Select the certificate to be used by user portal, captive portal, SPX registration portal and SPX reply portal.
When redirecting users to the captive portal or other interactive pages: Select an option to use when redirecting users to the captive portal or other interactive pages.
You can use the firewall’s configured hostname, the IP address of the first internal interface, or specify a different hostname. Click Check settings to test your configuration.
Set sign-in security for administrators.
Log out admin session after: Select to automatically sign out the administrator from the web admin console after the configured time of inactivity (in minutes).
Default: 10 minutes
Block login: Select to block sign-in for all types of authentication, such as the web admin console, CLI, or VPN. Enter the maximum number of failed sign-in attempts and the duration (in seconds) within which the attempts can be made from a single IP address. When the failed attempts exceed the number, the administrator is locked for the configured minutes. Specify the number of minutes for which the administrator will not be allowed to sign-in.
CAPTCHA: Administrators signing in to the web admin console, and local and guest users signing in to the user portal from the WAN or VPN zones must enter a CAPTCHA. Local users are registered on Sophos Firewall and not on an external authentication server, such as an AD server.
The CAPTCHA isn't shown on XG 85 and XG 85w devices.
You can manually turn off the CAPTCHA for VPN zones from the command-line interface. Use the following commands:
system captcha_authentication_VPN [disable] [enable] [show]
Failed CAPTCHA attempts aren't currently counted as failed sign-in attempts and don't trigger the Block login setting.
Administrator password complexity settings
Select to turn on password complexity settings for administrators and enforce the required constraints.
Login disclaimer settings
Select Enable login disclaimer to set messages for authentication, SMTP, administration, and SMS customization, which administrators must agree to before they can sign in to the web admin console and CLI. You can customize and preview messages too.
Sophos Adaptive Learning
Select to send the following application usage and threat data to Sophos: Unclassified applications (to improve network visibility and enlarge the application control library), data for IPS alerts, detected virus (including URLs), spam, ATP threats, such as threat name, threat URL/IP, source IP, and applications used.
The device sends periodic information to Sophos over HTTPS to improve stability, prioritize feature refinements, and to improve protection effectiveness. No user-specific information or personalized information is collected. The device sends configuration and usage data by default. This includes device information (example: model, hardware version, vendor), firmware version and license information (does not include owner information), features that are in use (status, on/off, count, HA status, central management status), configured objects (example: count of hosts, policies), product errors, and CPU, memory, and disk usage (in percentage).