Advanced

Block Password Guessing

This function can be used to prevent password guessing. After a configurable number of failed login attempts (default: 3), the IP address trying to gain access to one of the facilities will be blocked for a configurable amount of time (default: 600 seconds).

Drop packets from blocked hosts: If enabled, all packets coming from blocked hosts will be dropped for the specified time. This option serves to avoid DoS (Denial of Service) attacks.

Facilities: The check will be performed for the selected facilities.

Never block networks: Networks listed in this box are exempt from this check.
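
The blocking behaviour described in this section, modelled as an added Python example (not Sophos UTM code and not part of this guide). It assumes failures are counted per source IP across the selected facilities and that a successful login resets the count; the facility names and sample addresses are constructed.

```python
import ipaddress
from collections import defaultdict

class GuessBlocker:
    """Toy model of the lockout described above; not Sophos UTM code."""
    def __init__(self, max_attempts=3, block_seconds=600,
                 facilities=("ssh", "webadmin"), never_block=()):
        self.max_attempts, self.block_seconds = max_attempts, block_seconds
        self.facilities = set(facilities)      # hypothetical facility labels
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.failures = defaultdict(int)       # source IP -> failed logins
        self.blocked_until = {}                # source IP -> block expiry time

    def is_exempt(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.never_block)

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def record(self, now, ip, facility, success):
        """Process one login event; return 'blocked', 'ok' or 'failed'."""
        if self.is_blocked(ip, now):
            return "blocked"                   # rejected while the block lasts
        if facility not in self.facilities or self.is_exempt(ip):
            return "ok" if success else "failed"   # event is not counted
        if success:
            self.failures.pop(ip, None)        # assumption: success resets count
            return "ok"
        self.failures[ip] += 1
        if self.failures[ip] >= self.max_attempts:
            self.blocked_until[ip] = now + self.block_seconds
            del self.failures[ip]
        return "failed"

# Constructed events: (seconds, source IP, facility, login succeeded)
EVENTS = [
    (0, "203.0.113.7", "ssh", False), (5, "203.0.113.7", "ssh", False),
    (9, "203.0.113.7", "webadmin", False),   # third failure: block until t=609
    (20, "203.0.113.7", "ssh", True),        # correct password, still blocked
    (30, "192.0.2.10", "ssh", False), (31, "192.0.2.10", "ssh", False),
    (32, "192.0.2.10", "ssh", False), (33, "192.0.2.10", "ssh", False),
    (609, "203.0.113.7", "ssh", True),       # block expired, login accepted
]

def replay(events, **settings):
    blocker = GuessBlocker(**settings)
    return [blocker.record(*e) for e in events], blocker

if __name__ == "__main__":
    print(replay(EVENTS, never_block=["192.0.2.0/24"])[0])
```

With 192.0.2.0/24 in the never-block list, the fourth failure from 192.0.2.10 is still evaluated rather than blocked, so addresses in exempt networks get unlimited guesses; keep that list as narrow as possible.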

Local Authentication Passwords

Using this option, you can force the use of strong passwords for administrators or locally registered users having administrative privileges. You can configure password complexity to adhere to the following security requirements:

  • Minimum password length, default is eight characters
  • Require at least one lowercase character
  • Require at least one uppercase character
  • Require at least one numeral
  • Require at least one non-alphanumeric character

To enable the selected password properties, select the Require complex passwords checkbox and click Apply.

Active Directory Group Membership Synchronization

Use this option to enable background syncing of AD group membership information.

The UTM can periodically synchronize group membership information and cache it locally to reduce traffic to the Active Directory server. When this option is enabled, group membership information will be synchronized with the configured Active Directory Single Sign-On server.

Click Synchronize Now to immediately synchronize group membership information.

Prefetch Directory Users

Users from eDirectory or Active Directory can be synchronized with Sophos UTM. This will pre-create user objects on Sophos UTM so that they already exist when users log in. The synchronization process can run weekly or daily.

To enable prefetching, make the following settings:

Server: The drop-down list contains servers that have been created on the Servers tab. Select a server for which you want to enable prefetching.

Prefetch interval: Select an interval to prefetch users. To run the synchronization weekly, select the day of the week when synchronization should start. To run the synchronization daily, select Daily.

Prefetch time: Select a time to prefetch users.

Groups: To specify which groups should be pre-created, enter the groups here. You can use the integrated LDAP browser to select these groups.

Click Apply to save your settings.

Prefetch Now: Click this button to start prefetching immediately.

Open Prefetch Live Log: Click this button to open the prefetch live log.

Enable backend sync on login (optional): With every prefetch event, the Backend sync option of the involved users (Users & Groups > Users tab) will be set to the value defined here. If this option is enabled, the users' Backend sync option will be enabled; if it is disabled, the users' Backend sync option will be disabled.