Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Add a group

  1. Go to Authentication > Groups and click Add.
  2. Enter a group name.
  3. Select a group type.

    Option Description
    Normal Require users to log on using a device with a client component.
    Clientless Do not require users to log on using a client. Access control is performed through the IP address.
  4. Select policies.

    Note

    Policies specified at the user level take precedence over those specified at the group level.

    Option Description
    Surfing quota Access based on a defined period and type. This policy can include a cycle type, hours, validity, and maximum hours.
    Access time Access or denial based on a defined recurring period.
    Network traffic Access based on bandwidth usage.
    Traffic shaping Access based on QoS traffic shaping policy. This policy can include a policy association, priority, and specific limits for uploading and downloading.
  5. Select the remote access policies.

    Option Description
    SSL VPN policy Allows remote access SSL VPN using clients, such as the Sophos Connect client.
    Clientless SSL VPN policy Access to be granted to users using only a browser as a client. This policy can include bookmarks or resources that clientless users are allowed to access.
    L2TP Allows access through L2TP connections.
    PPTP Allows access through PPTP connections.
  6. Specify the other settings.

    Note

    Policies specified at the user level take precedence over those specified at the group level.

    Option Description
    Quarantine digest Sends a list of emails held in the quarantine area to the user's inbox as a digest.
    MAC binding Requires users to sign in through specified devices.
    IPsec remote access Provide remote access IPsec VPN connections through the Sophos Connect client.
    Sign-in restriction

    Allow access from selected nodes.

    • Any node: The user can sign in from any node in the network.
    • Selected nodes: The user can only sign in from specified IP addresses.
    • Node range: The user can sign in from any IP address within the specified IP range.
  7. Click Save.

More resources