Admin settings

Modify the admin port settings and sign-in parameters. Customize the sign-in parameters to restrict local and remote user access based on time duration.

Hostname

Enter the host details of your Sophos XG Firewall.
Hostname

Enter a name in the form of a fully qualified domain name (FQDN).

Acceptable range: 0 to 256 characters

Example: security.sophos.com
Note When the device is deployed for the first time, the serial ID of the device is saved as the hostname.
Description
Enter a description.

Admin console and end-user interaction

Configure port and certificate settings for the web admin console and the user portal.
Admin console HTTPS port

Displays the HTTPS port configured in Sophos XG Firewall.

Default: 4444

User portal HTTPS port

Displays the port number where users can access the user portal.

Default: 443

Warning If you manually change the default ports, we strongly recommend that you use a unique port for each service. This ensures that services are not exposed to the WAN zone when they have been disabled. Example: If you use port 443 for both the user portal and SSL VPN, the user portal will be accessible from the WAN zone.
Certificate
Select the certificate to be used by user portal, captive portal, SPX registration portal and SPX reply portal.
When redirecting users to the captive portal or other interactive pages

Select an option to use when redirecting users to the captive portal or other interactive pages.

You can use the firewall’s configured hostname, the IP address of the first internal interface, or specify a different hostname. Click Check settings to test your configuration.

Login security

Set sign-in security for administrators.

Lock admin session after

Select to automatically lock the session after the configured time of inactivity (in minutes). This setting applies to the web admin and CLI console, the IPsec connection wizard, the network wizard, and the group import wizard.

Default: 3 minutes

To unlock the web admin console you must enter your password. You return to the page that you were working on and you don't have to re-enter information.

Log out admin session after

Select to automatically sign out the administrator from the web admin console after the configured time of inactivity (in minutes).

Default: 10 minutes

Note The Log out admin session after value must be greater than the Lock admin session after value.
Block login
Select to block sign-in to the web admin console and CLI. Enter the maximum number of failed sign-in attempts and the duration (in seconds) within which the attempts can be made from a single IP address. When the failed attempts exceed the number, the administrator is locked for the configured minutes. Specify the number of minutes for which the administrator will not be allowed to sign-in.

CAPTCHA: Administrators signing in to the web admin console, and local and guest users signing in to the user portal from the WAN or VPN zones must enter a CAPTCHA. Local users are registered on XG Firewall and not on an external authentication server, such as an AD server.

The CAPTCHA doesn't show on XG 85, XG 85w devices, and on Cyberoam devices upgraded to XG Firewall.

You can manually turn off the CAPTCHA for VPN zones from the command-line interface. Use the following commands:

console> system captcha_authentication_VPN [disable] [enable] [show]

Note Failed CAPTCHA attempts aren't currently counted as failed sign-in attempts and don't trigger the Block login setting.

Administrator password complexity settings

Select to turn on password complexity settings for administrators and enforce the required constraints.

Login disclaimer settings

Select Enable login disclaimer to set messages for authentication, SMTP, administration, and SMS customization, which administrators must agree to before they can sign in to the web admin console and CLI. You can customize and preview messages too.

Sophos Adaptive Learning

Select to send the following application usage and threat data to Sophos: Unclassified applications (to improve network visibility and enlarge the application control library), data for IPS alerts, detected virus (including URLs), spam, ATP threats, such as threat name, threat URL/IP, source IP, and applications used.

The device sends periodic information to Sophos over HTTPS to improve stability, prioritize feature refinements, and to improve protection effectiveness. No user-specific information or personalized information is collected. The device sends configuration and usage data by default. This includes device information (example: model, hardware version, vendor), firmware version and license information (does not include owner information), features that are in use (status, on/off, count, HA status, central management status), configured objects (example: count of hosts, policies), product errors, and CPU, memory, and disk usage (in percentage).