Skip to content
Last update: 2022-05-24

Group details

Groups contain policies and settings that you can manage as a single unit. With groups, you can simplify policy management for users.



Policies specified at the user level take precedence over those specified at the group level.

Surfing quota: Access based on a defined period and type. This policy can include a cycle type, hours, validity, and maximum hours.

Access time: Access or denial based on a defined recurring period.

Network traffic: Access based on bandwidth usage.

Traffic shaping: Access based on QoS traffic shaping policy. This policy can include a policy association, priority, and specific limits for uploading and downloading.

Remote access: Access to be applied to remote users through VPN. This relates to SSL VPN connections through the Sophos Connect client and the legacy SSL VPN client.

Clientless: Access to be granted to users using only a browser as a client. This policy can include bookmarks or resources that clientless users are allowed to access.



User policies take precedence over policies of the group to which the user belongs.

Quarantine digest: Sends a list of emails held in the quarantine area to the user's inbox as a digest.

MAC binding: Require users to log on through the specified devices.

L2TP: Allow access using L2TP. Optionally, specify an IP address to be leased to the user for L2TP access.

PPTP: Allow access using PPTP. Optionally, specify an IP address to be leased to the user for PPTP access.

Login restriction: Allow access from the specified nodes:

  • Any node: The user can sign in from any node in the network.
  • User group nodes: If a user belongs to a specific group, they inherit the login restrictions applied to that group.
  • Selected nodes: The user can only sign in from specified IP addresses.
  • Node range: The user can sign in from any IP address within the specified range of IP addresses.
Back to top