Skip to content

Admin and user settings

Check and specify the admin port settings and sign-in parameters. Customize the sign-in parameters to restrict local and remote user access based on time duration.


Enter the host details of your Sophos Firewall.

Hostname: Enter a fully qualified domain name (FQDN), such as

Acceptable range: 0 to 256 characters.

When you sign in to the web admin console, the browser tab shows this hostname. If you've signed in to multiple firewalls in the same browser window, you can identify a firewall by the hostname shown in the browser tab.


When the firewall is deployed for the first time, its serial ID is used as the hostname.

Description: Enter a description.

Admin console and end-user interaction

Configure the port and certificate settings.

Admin console HTTPS port: HTTPS port to access the firewall's web admin console.

Default: 4444

User portal HTTPS port: Port number for users to access the user portal.

Default: 443


User portal port: 3311

User portal link for IP address (

User portal link for hostname (myfirewall): https://myfirewall:3311


If you manually change the default ports, we strongly recommend using a unique port for each service. This ensures that services aren't exposed to the WAN zone when you haven't configured WAN access for them.

For example, if you use port 443 for both user portal and SSL VPN, the user portal will be accessible from the WAN zone.

Certificate: Select the certificate to be used by user portal, captive portal, SPX registration portal, and SPX reply portal.

When redirecting users to the captive portal or other interactive pages, use one of the following options:

  • Firewall's configured hostname. You configure this on Admin and user settings under Hostname.
  • IP address of the first internal interface.
  • A different hostname.

Click Check settings to test your configuration.

security settings

Login security

  1. Select Log out admin session after to automatically sign out administrators from the web admin console after the specified time of inactivity.

    Default: 10 minutes

  2. Select Block login to block sign-ins to all services for users and administrators based on the number of failed sign-in attempts.

    1. To block sign-ins from the user or administrator's source IP address, do as follows:

      1. Enter the number of failed sign-in attempts.
      2. Enter the time within which the attempts are made.
    2. Enter the block duration.

      For failed attempts to sign in to any service, the web admin console, CLI, and user portal won't open from the source IP address.


Administrators signing in to the web admin console, and local and guest users signing in to the user portal from the WAN or VPN zones must enter a CAPTCHA by default.

Local users are registered in the firewall rather than an external authentication server, such as an AD server.

Failed CAPTCHA attempts aren't counted as failed sign-in attempts and don't trigger the Block login setting.


CAPTCHA isn't available on XG 85 and XG 85w devices.

To turn off CAPTCHA for VPN zones, enter the following command on the CLI:

system captcha_authentication_VPN disable

Administrator password complexity settings

Select Enable password complexity check to turn on password complexity settings for administrators and specify the settings.

User password complexity settings

Select Enable password complexity check to turn on password complexity settings for users and specify the settings.

Login disclaimer settings

  1. Select Enable login disclaimer to show a disclaimer when administrators try to sign in to the web admin console and CLI.
  2. To customize and preview the message, click the links.

    To sign in, administrators must click I accept after entering their credentials.

Sophos Adaptive Learning

Select to send the following application usage and threat data to Sophos: Unclassified applications (to improve network visibility and enlarge the application control library), data for IPS alerts, detected virus (including URLs), spam, ATP threats, such as threat name, threat URL and IP address, source IP address, and applications used.

The device sends periodic information to Sophos over HTTPS to improve stability, prioritize feature refinements, and to improve protection effectiveness. No user-specific information or personalized information is collected. The device sends configuration and usage data by default. This includes device information (example: model, hardware version, vendor), firmware version and license information (does not include owner information), features that are in use (status, on/off, count, HA status, central management status), configured objects (example: count of hosts, policies), product errors, and CPU, memory, and disk usage (in percentage).

More resources