Last update: 2022-05-24


The firewall distinguishes between end users, who connect to the internet from behind the firewall, and administrator users, who have access to firewall objects and settings.

When you add (register) a user, you specify the user type and associate the user record with a group. A user can belong to more than one group.

The user inherits the group policy, but if you select both the user and the group in a rule, the user's policy overrides the group policy. For example, if the user and the user's group are selected in a firewall rule, the user's policy applies. If only the group is selected, the group policy applies.

  • To import or export user records, see Backup and firmware > Import export. Exported configurations are in .xml format.
  • To import user records from an Active Directory server, see Authentication > Servers.
  • To remove the records of Active Directory users who aren't present in the domain, click Purge AD users. To remove the user records from Sophos Firewall, you must first remove these users from your AD server.

    If high availability is configured, user records are deleted from both the primary and the auxiliary devices. The purge doesn't interrupt user sign-in, sign-out, or accounting events.

  • To change user status between active and inactive, select a user and click Change status.
