Skip to content
Last update: 2021-11-18

User details

The firewall distinguishes between end users, who connect to the internet from behind the firewall, and administrator users, who have access to firewall objects and settings. Specify policies and settings as required.

  • To change a password, click Change password.
  • To view internet traffic statistics, click View usage.
  • To reset the internet traffic statistics and restart the user’s network traffic quota, click Reset user accounting.

Policies

Note

Policies specified at the user level take precedence over those specified at the group level.

Group: Group to which you want to add the user. If you don't specify policies for the user, the group's policies apply.

Surfing quota: Access based on a defined period and type. This policy can include a cycle type, hours, validity, and maximum hours.

Access time: Access or denial based on a defined recurring period.

Network traffic: Access based on bandwidth usage.

Traffic shaping: Access based on QoS traffic shaping policy. This policy can include a policy association, priority, and specific limits for uploading and downloading.

Remote access: Access to be applied to remote users through VPN. This relates to SSL VPN connections through the Sophos Connect client and the legacy SSL VPN client.

Clientless: Access to be granted to users using only a browser as a client. This policy can include bookmarks or resources that clientless users are allowed to access.

Settings

Note

User policies take precedence over policies of the group to which the user belongs.

L2TP: Allow access using L2TP. Optionally, specify an IP address to be leased to the user for L2TP access.

PPTP: Allow access using PPTP. Optionally, specify an IP address to be leased to the user for PPTP access.

Note

For SFOS 18.5 MR2 and later, when you turn on L2TP or PPTP, the allowed members must first sign in to the user portal and create a password before they can connect.

IPsec remote access: Allow remote access VPN using the Sophos Connect client.

Quarantine digest: Sends a list of emails held in the quarantine area to the user's inbox as a digest.

Simultaneous logins: Number of concurrent sessions that will be allowed for the user. Use the value specified in the global settings or specify a value.

MAC binding: Require users to log on through the specified devices.

Login restriction: Allow access from the specified nodes. You can specify no restriction (any node), named nodes, or a node range.

Back to top