User assistance

Download PDF |

Contact Sophos Support

Introduction
Using the web admin console
Control center
Current activities
Keep track of currently signed-in local and remote users, current IPv4, IPv6, IPsec, SSL, and wireless connections.
Reports
Reports provide a unified view of network activity for the purpose of analyzing traffic and threats and complying with regulatory bodies. For example, you can view a report that includes all web server protection activities taken by the firewall, such as blocked web server requests and identified viruses.
Diagnostics
This menu allows checking the health of your device in a single shot. Information can be used for troubleshooting and diagnosing problems found in your device.
Firewall
Firewall rules implement control over users, applications, and network objects in an organization. Using the firewall rule, you can create blanket or specialized traffic transit rules based on the requirement. The rule table enables centralized management of firewall rules.
Intrusion prevention
With intrusion prevention, you can examine network traffic for anomalies to prevent DoS and other spoofing attacks. Using policies, you can define rules that specify an action to take when traffic matches signature criteria. You can specify protection on a zone-specific basis and limit traffic to trusted MAC addresses or IP–MAC pairs. You can also create rules to bypass DoS inspection.
Web
Web protection keeps your company safe from attacks that result from web browsing and helps you increase productivity. You can define browsing restrictions with categories, URL groups, and file types. By adding these restrictions to policies, you can block websites or display a warning message to users. For example, you can block access to social networking sites and executable files. General settings let you specify scanning engines and other types of protection. Exceptions let you override protection as required for your business needs.
Applications
Application protection helps keeps your company safe from attacks and malware that result from application traffic exploits. You can also apply bandwidth restrictions and restrict traffic from applications that lower productivity. Application filters allow you to control traffic by category or on an individual basis. With synchronized application control, you can restrict traffic on endpoints that are managed with Sophos Central. Managing cloud application traffic is also supported.
Wireless
Wireless protection lets you define wireless networks and control access to them. The firewall supports the latest security and encryption, including rogue access point scanning and WPA2. Wireless protection allows you to configure and manage access points, wireless networks, and clients. You can also add and manage mesh networks and hotspots.
Email
With email protection, you can manage email routing and relay and protect domains and mail servers. You can specify SMTP/S, POP/S, and IMAP/S policies with spam and malware checks, data protection, and email encryption.
Web server
You can protect web servers against Layer 7 (application) vulnerability exploits. These attacks include cookie, URL, and form manipulation. Use these settings to define web servers, protection policies, and authentication policies for use in Web Application Firewall (WAF) rules. General settings allow you to protect web servers against slow HTTP attacks.
Advanced threat
Advanced threat protection allows you to monitor all traffic on your network for threats and take appropriate action, for example, drop the packets. You can also view Sandstorm activity and the results of any file analysis. Use these results to determine the level of risk posed to your network by releasing these files.
Central synchronization
By synchronizing with Sophos Central, you can use Security Heartbeat to enable devices on your network to share health information. Synchronized Application Control lets you detect and manage applications in your network. Additionally, you can manage your XG Firewall devices centrally through Sophos Central.
Security Heartbeat
Security Heartbeat is a feature that allows endpoints and firewalls to communicate their health status with each other. Find the details on how it works, what different health statuses there are, and what they mean.
VPN
A Virtual Private Network (VPN) is a tunnel that carries private network traffic from one endpoint to another over a public network such as the internet. VPN allows users to transfer data as if their devices were directly connected to a private network. You can use a VPN to provide secure connections from individual hosts to an internal network and between networks. VPNs are commonly used to secure communication between off-site employees and an internal network and from a branch office to the company headquarters.
- IPsec connections
  Internet Protocol Security (IPsec) is a suite of protocols that support cryptographically secure communication at the IP layer. With IPsec connections, you can provide secure access between two hosts, two sites, or remote users and a LAN. The firewall supports IPsec as defined in RFC 4301. Use these settings to create and manage IPsec connections and to configure failover.
- SSL VPN (remote access)
  With remote access policies, you can provide access to network resources by individual hosts over the internet using point-to-point encrypted tunnels. Remote access requires SSL certificates and a user name and password.
- SSL VPN (site-to-site)
  With a site-to-site SSL VPN, you can provide access between internal networks over the internet using point-to-point encrypted tunnels. The tunnel endpoints act as either client or server. The client initiates the connection, and the server responds to client requests. This contrasts with IPsec where both endpoints can initiate a connection. An SSL VPN can connect from locations where IPsec encounters problems due to network address translation and firewall rules.
- Sophos Connect client
  Sophos Connect client is VPN software that runs on Microsoft Windows 7 SP2 and later, and Mac OS 10.12 and later. It establishes highly secure, encrypted VPN tunnels for off-site employees.
- L2TP (remote access)
  The Layer Two Tunneling Protocol (L2TP) enables you to provide connections to your network through private tunnels over the internet. The firewall supports L2TP as defined in RFC 3931.
- Clientless access
  Allow users to access services and areas on your network such as remote desktops and file shares using only a browser, and without the need for additional plug-ins. Clientless access policies specify users (policy members) and bookmarks.
- Bookmarks
  Bookmarks specify a URL, a connection type, and security settings. Use bookmarks with clientless access policies to give users access to your internal networks or services. For example, you may want to provide access to file shares or allow remote desktop access. Users can access bookmarks through the VPN page in the user portal.
- Bookmark groups
  Bookmark groups allow you to combine bookmarks for easy reference. For example, you can create a group containing all of the bookmarks for remote desktops so that you do not need to specify access on an individual basis.
  - Add a bookmark group
- PPTP (remote access)
  Using the Point-to-Point Tunneling Protocol (PPTP), you can provide connections to your network through private tunnels over the internet. The protocol itself does not describe encryption or authentication features. However, the firewall supports several authentication options including Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2). The firewall supports PPTP as described in RFC 2637.
- IPsec policies
  Internet Protocol Security (IPsec) profiles specify a set of encryption and authentication settings for an Internet Key Exchange (IKE). You can use profiles when setting up IPsec or L2TP connections. The default set of profiles supports some commonly used VPN deployment scenarios.
- VPN settings
  Define settings requested for remote access using SSL VPN and L2TP. These include protocols, server certificates, and IP addresses for clients.
- Configure IPsec remote access VPN with Sophos Connect client
  You can configure IPsec remote access connections. Users can establish the connection using the Sophos Connect client.
- Creating a remote access SSL VPN
  We want to configure and deploy a connection to enable remote users to access a local network. The VPN establishes an encrypted tunnel to provide secure access to company resources through TCP on port 443.
- Creating a site-to-site SSL VPN
  We want to establish secure, site-to-site VPN tunnels using an SSL connection. This VPN allows a branch office to connect to the head office. Users in the branch office will be able to connect to the head office LAN.
- Creating a site-to-site IPsec VPN
  We want to create and deploy an IPsec VPN between the head office and a branch office. We use a preshared key for authentication.
Network
Network objects let you enhance security and optimize performance for devices behind the firewall. You can use these settings to configure physical ports, create virtual networks, and support Remote Ethernet Devices. Zones allow you to group interfaces and apply firewall rules to all member devices. Network redundancy and availability is provided by failover and load balancing. Other settings allow you to provide secure wireless broadband service to mobile devices and to configure advanced support for IPv6 device provisioning and traffic tunnelling.
Routing
This section provides options to configure both static and dynamic routes.
Authentication
You can set up authentication using an internal user database or third-party authentication service. To authenticate themselves, users must have access to an authentication client. However, they can bypass the client if you add them as clientless users. The firewall also supports two-factor authentication, transparent authentication, and guest user access through a captive portal.
System services
Use system services to configure the RED provisioning service, high availability, and global malware protection settings. Other options let you view bandwidth usage and manage bandwidth to reduce the impact of heavy usage. Using log settings, you can specify system activity to be logged and how to store logs. Data anonymization lets you encrypt identities in logs and reports.
Profiles
Profiles allow you to control users’ internet access and administrators’ access to the firewall. You can define schedules, access time, and quotas for surfing and data transfer. Network address translation allows you to specify public IP addresses for internet access. You can specify levels of access to the firewall for administrators based on work roles.
Hosts and services
Hosts and services allows defining and managing system hosts and services.
Administration
Administration allows you to manage device licenses and time, administrator access, centralized updates, network bandwidth and device monitoring, and user notifications.
Backup & firmware
Certificates
Certificates allows you to add certificates, certificate authorities and certificate revocation lists.
Logs
The firewall provides extensive logging capabilities for traffic, system activities, and network protection. Logs include analyses of network activity that let you identify security issues and reduce malicious use of your network. You can send logs to a syslog server or view them through the log viewer.
Policy test
With the policy test tool, you can apply and troubleshoot firewall and web policies and view the resulting security decisions. For example, you can create a web policy to block all social networking sites for specified users and test the policy to see if it blocks the content only for the specified users. The results display the details of the action taken by the firewall, including the relevant rules and content filters.
IPS custom pattern syntax
Default file type categories
USB compatibility list
Compatibility with SFMOS 15.01.0
Copyright notice

Home
VPN
A Virtual Private Network (VPN) is a tunnel that carries private network traffic from one endpoint to another over a public network such as the internet. VPN allows users to transfer data as if their devices were directly connected to a private network. You can use a VPN to provide secure connections from individual hosts to an internal network and between networks. VPNs are commonly used to secure communication between off-site employees and an internal network and from a branch office to the company headquarters.
Bookmark groups
Bookmark groups allow you to combine bookmarks for easy reference. For example, you can create a group containing all of the bookmarks for remote desktops so that you do not need to specify access on an individual basis.
Add a bookmark group

Add a bookmark group

Go to VPN > Bookmark groups and click Add.
Enter a name.
Click Add new item and select bookmarks.
Click Save.

Related concepts

Bookmark groups

© 2020 Sophos Limited. All rights reserved. Legal details