Skip to content

How to configure management ports

You can use the management ports to access the web admin console and the CLI console.

Sophos Firewall 1U and higher appliance models have one or more management ports.

Default IP address of the management port:

  1. Connect your computer to the management port by using a network cable.

    Alternatively, connect it through the network. To learn more, see the corresponding quick start guide.

    Here's an example of a management port:

    Management port on an appliance

  2. Set the IP address of your computer to one that belongs to the management port's subnet.


    IP address:, subnet:


    We recommend that you don't assign non-administrative users to the management port's subnet so that these users can't access the firewall.

  3. Change the management port's IP address in the setup wizard if you want. Then complete the setup.

    Here's an example:

    Management port settings on the setup wizard


    In an HA cluster, the primary device configuration is synchronized to the auxiliary device. So, the management port IP address on the auxiliary device is the same as that on the primary device. You can't set two different IP addresses for the management port on the two devices.

  4. Enter the management port's IP address ( in the browser to access the web admin console. Alternatively, enter the IP address you've assigned in the setup wizard.

  5. Enter the default username (admin) and password (admin) to sign in.
  6. To edit the management port settings, go to Network > Interfaces.

    A management port appears as a PortMGMT port on the list. It's in the LAN zone by default.

    Here's an example:

    Management port on the interface list

  7. Click the port and edit the settings.


    If you've created a management VLAN for the firewall administrators on your network, change the IP address of the management port to an address belonging to the management VLAN.

  8. To allow access to the management port from outside your network through VPN, go to Administration > Device access and select VPN under HTTPS and SSH.

    Here's an example:

    Allow access through VPN to the web admin console and CLI