Register a user

  1. Go to Authentication > Users and click Add.
  2. Type a username to be used for authentication.
  3. Enter a name.
    Note This is the user record name, not the username.
  4. Type a password to be used for authentication.
  5. Select a type.
    OptionDescription
    User End users who are connecting to the internet from behind the firewall.
    Administrator Users who have access to firewall objects and settings as defined in a profile.
  6. Type an email address.
  7. Select the policies.
    Note Policies specified at the user level take precedence over those specified at the group level.
    OptionDescription
    Group Group to which the user belongs. For groups imported from Active Directory, it's the mapped group for the user.

    The firewall assigns some policies only to the mapped group. For more information, see Group membership behavior with Active Directory.

    Users inherit the group's policies.
    Surfing quota Access based on a defined period and type. This policy can include a cycle type, hours, validity, and maximum hours.
    Access time Access or denial based on a defined recurring period.
    Network traffic Access based on bandwidth usage.
    Traffic shaping Access based on QoS traffic shaping policy. This policy can include a policy association, priority, and specific limits for uploading and downloading.
  8. Specify the remote access VPN settings:
    OptionDescription

    SSL VPN policy

    Remote access SSL VPN policy assigned to the group or user. If you don't select a policy manually, the group's policy applies to the user.

    Other SSL VPN policies

    SSL VPN policies of the other groups to which the user belongs.

    Clientless SSL VPN policy

    Allows access to bookmarked resources through a browser.

    Other clientless SSL VPN policies

    Clientless SSL VPN policies of the other groups to which the user belongs.

    Sophos Connect client

    Allow remote access using a configured Sophos Connect client. Optionally, specify an IP address to be leased to the user for Sophos Connect access.

    L2TP

    Allow access using L2TP. Optionally, specify an IP address to be leased to the user for L2TP access.

    PPTP

    Allow access using PPTP. Optionally, specify an IP address to be leased to the user for PPTP access.
  9. Specify the other settings.
    Note Settings specified at the user level take precedence over those specified at the group level.
    OptionDescription
    Quarantine digest Send a list of the email messages held in the quarantine in digest form.
    MAC binding Require users to sign in through specified devices.
    MAC address list Enter the MAC addresses of the devices you want to allow if you've selected MAC binding.
    Simultaneous sign-ins Number of concurrent sessions allowed for the user.

    To use the value specified on Authentication > Services, select Use global setting. Alternatively, select Unlimited or specify a value.
    Sign-in restriction Allow access from the specified nodes. You can specify no restriction (any node), named nodes, or a node range.
  10. For administrator users, click Administrator advanced settings and specify settings.
    OptionDescription
    Schedule for device access Allow access the device only during the time selected.
    Login restriction for device access Allow access from the specified nodes. You can specify no restriction (any node), named nodes, or a node range.
  11. Click Save.