Admin settings

Admin settings allows you to modify the admin port settings and sign-in parameters. Customize the sign-in parameters to restrict local and remote user access based on time duration.


Enter the host details of your XG Firewall.

Enter a name in the form of a fully qualified domain name (FQDN).

Acceptable range: 0 to 256 characters

Note When the device is deployed for the first time, the serial ID of the device is saved as the hostname.
Enter a description.

Admin console and end-user interaction

Configure port and certificate settings for the web admin console and the user portal.
Admin console HTTPS port

Displays the HTTPS port configured in SFOS.

Default: 4444

User portal HTTPS port

Displays the port number where users can access the user portal.

Default: 443

You can use the same port (for example, 443) for secure connections to the user portal and SSL VPN connections that use TCP.

Select the certificate to be used by user portal, captive portal, SPX registration portal and SPX reply portal.
When redirecting users to the captive portal or other interactive pages

Select an option to use when redirecting users to the captive portal or other interactive pages.

You can use the firewall’s configured hostname, the IP address of the first internal interface, or specify a different hostname. Click Check settings to test your configuration.

Login security

Set sign-in security for administrators.

Lock admin session after

Select to automatically lock the session after the configured time of inactivity (in minutes). This setting applies to the web admin and CLI console, the IPsec connection wizard, the network wizard, and the group import wizard.

Default: 3 minutes

Log out admin session after

Select to automatically sign out the administrator from the web admin console after the configured time of inactivity (in minutes).

Default: 10 minutes

Note The Log out admin session after value must be greater than the Lock admin session after value.
Block login
Select to block sign-in to the web admin console and CLI. Enter the maximum number of failed sign-in attempts and the duration (in seconds) within which the attempts can be made from a single IP address. When the failed attempts exceed the number, the administrator is locked for the configured minutes. Specify the number of minutes for which the administrator will not be allowed to sign-in.

CAPTCHA: Administrators signing in to the web admin console, and local and guest users signing in to the user portal from the WAN or VPN zones must enter a CAPTCHA. Local users are registered on XG Firewall and not on an external authentication server, such as an AD server.

The CAPTCHA doesn't show on XG 85, XG 85w devices, and on Cyberoam devices upgraded to XG Firewall.

You can manually turn off the CAPTCHA for VPN zones from the command-line interface. Use the following commands:

console> system captcha_authentication_VPN [disable] [enable] [show] for [webadminconsole] [userportal]

You can manually turn off the CAPTCHA for endpoint devices accessing the web admin or the user portal from the WAN zone. Use the following commands:

console> system captcha_authentication_global [disable] [enable] [show] for [webadminconsole] [userportal]

Using the global command overrides the VPN-specific commands. We recommend leaving the CAPTCHA enabled for the WAN zone, and only changing the setting for VPN users if required.

Note Failed CAPTCHA attempts aren't currently counted as failed sign-in attempts and don't trigger the Block login setting.

Administrator password complexity settings

Select to turn on password complexity settings for administrators and enforce the required constraints.

Login disclaimer settings

Select Enable login disclaimer to set messages for authentication, SMTP, administration, and SMS customization, which administrators must agree to before they can sign in to the web admin console and CLI. You can customize and preview messages too.

Sophos Adaptive Learning

Select to send the following application usage and threat data to Sophos: Unclassified applications (to improve network visibility and enlarge the application control library), data for IPS alerts, detected virus (including URLs), spam, ATP threats, such as threat name, threat URL/IP, source IP, and applications used.

The device sends periodic information to Sophos over HTTPS to improve stability, prioritize feature refinements, and to improve protection effectiveness. No user-specific information or personalized information is collected. The device sends configuration and usage data by default. This includes device information (example: model, hardware version, vendor), firmware version and license information (does not include owner information), features that are in use (status, on/off, count, HA status, central management status), configured objects (example: count of hosts, policies), product errors, and CPU, memory, and disk usage (in percentage).