Admin Settings

Device Configuration > System > Administration > Settings

Use Settings page to make modifications in the general port settings and Web Admin Login parameters. Make changes to the sign-in parameters for restricting the local and remote users based on the time.

Admin Port Settings
Web Admin HTTP Port
Provide the port number to configure HTTP Port for Admin Console access.
Default - 80
Web Admin HTTPS Port
Provide the port number to configure HTTPS Port for secured Admin Console access.
Default - 4444
User Portal HTTPS Port
Provide the port number to configure HTTPS Port for Secured User Portal access..
Default - 443
Certificate
Certificate to be used by User Portal and Captive Portal.
Login Security (Remote Admins)

To prevent the unauthorized access to the Admin Console and CLI, configure Admin Session Lock, Admin Session Logout time and Block Admin Login to block the access after number of failed sign-in attempts.

Lock Admin Session After
Configure inactivity time (in minutes) for the administrative session after which the device will be locked automatically. This configuration will be applicable to following components:
  • Admin Console
  • Telnet Console
  • IPSec Connection Wizard
  • Network Wizard
  • Group Import Wizard
Default - 3 Minutes
Logout Admin Session After
Configure time of admin inactivity in minutes after which the administrator will be logged out automatically.
Default - 10 Minutes
Note Admin Session Logout time value must be greater than Lock Admin Session time.
Block Admin Login
Enable to block sign-in to the Admin Console and CLI after configured number of failed attempts within configured time span.

Configure number of allowed failed sign-in attempts from the same IP Address within the time limit.

Specify number of minutes for which the administrator will not be allowed to sign in. The administrator account will locked for the configured minutes if allowed failed sign-in attempts exceeds.

Administrator Password Complexity Settings

Password Complexity can be configured to ensure that administrators are using secure passwords.

Enable Password Complexity Settings to enforce following constraints:
  • Minimum Password length. Configure minimum characters required in the password.

    Default - 8 Characters

  • Require minimum one upper and lower case alphabet
  • Require minimum one number (0 - 9)
  • Require at least one special character e.g. @, $, %
  • Password cannot be same as username.
Note All the enabled constraints are applied to password of administrator user only.
Login Disclaimer Settings

The Login Disclaimer allows setting a written message that administrators must read and agree prior to logging on to the Admin Console and CLI for device administration. If a disclaimer is set, it must be accepted before administrator can sign in.

Default disclaimer can be customized as per the requirement from the Messages page System > Administration > Messages. One can also review the customized message before setting.

Sophos Adaptive Learning

The product sends information periodically to Sophos which is used for the purpose of improving stability, prioritizing feature refinements, and protection effectiveness. It includes configuration and usage information, and Application usage and threat data.

Configuration and usage data such as Device information (hardware version, vendor), Firmware version and license information (not the owner), Features in use (status, on / off, count, HA status, Central Management status), amount of configured objects (count of hosts, policies), Product errors, CPU, memory and disk usage (in percentage), is collected by default.

No user-specific information or personalized information is collected. The information is transmitted to Sophos over HTTPS.

Send App & Threat data
Following Application usage and Threat data is gathered:
  • Unclassified applications to improve and enlarge the network visibility and application control library.
  • Data for IPS alerts, virus detected (also URL for which virus found), spam, ATP threats such as threat name, threat URL/IP, source IP, and applications used.

Default - Enable

SFOS Hot-fix

Allow auto-install of important Hot-fixes Hot-fixes are applied automatically if available. Disable if you do not want to apply hot-fix. Default - Enable