WebAdmin Idle Timeout

Log out after: In this field you can specify the period of time (in seconds) how long a WebAdmin session can remain idle before you are forced to log in again. By default, the idle timeout is set to 1,800 seconds. The range is from 60 to 86,400 seconds.

Log out on dashboard: By default, when you have opened the Dashboard page of WebAdmin, the auto logout function is enabled. You can, however, select this option to disable the auto logout function for Dashboard only.

WebAdmin TCP Port

By default, port 4444 is used as WebAdmin TCP port. In the TCP Port box you can enter either 443 or any value between 1024 and 65535. However, certain ports are reserved for other services. In particular, you can never use port 10443, and you cannot use the same port you are using for the User Portal or for SSL remote access. Note that you must add the port number to the IP address (separated by a colon) in the browser's address bar when accessing WebAdmin, for example

Terms of Use

Your company policies might demand that users accept terms of use when they want to access WebAdmin. Select the checkbox Display "Terms of Use" after login to enforce that users must accept the terms of use each time they log in to WebAdmin. Users will then be presented the terms of use after having logged in. If they do not accept them they will be logged out again.

You can change the terms of use text according to your needs. Click Apply to save your settings.

Sophos Adaptive Learning

You can help improving Sophos UTM by allowing it to transfer anonymous general information of your current configuration as well as information about detected viruses, or anonymous application fingerprints to Sophos. That kind of information cannot and will not be tracked back to you. No user-specific information is collected, i.e., no user or object names, no comments, or other personalized information. However, URLs for which a virus was found will be transmitted if web filter antivirus scanning is enabled.

The information is encrypted and transmitted to SophosLabs using SSLClosed Secure Sockets Layer. Once delivered, the data is stored in an aggregated form and made available to the software architects of Sophos for making educated design decisions and thus improve future versions of Sophos UTM.

Send anonymous telemetry data: If enabled, Sophos UTM gathers the following information:

  • Configuration and usage data: The system will send the following data to the servers of Sophos once a week.

    • Hardware and license information (not the owner), for example:

      processor Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz

      memory 512MiB System Memory

      eth0 network 82545EM Gigabit Ethernet Controller

      id: UTM

      version: 9.000000

      type: virtual

      license: standard

      mode: standalone

      active_ips: 2

      system_id: 58174596-276f-39b8-854b-ffa1886e3c6c

      The system ID identifies your Sophos UTM only in the way that information of your system is not accidentally collected twice, e.g. after a re-installation.

    • Features in use (only whether they are turned on or off), for example:

      main->backup->status: 1

      main->ha->status: off

    • Amount of configured objects, for example:

      objects->interface->ethernet: 2

      objects->http->profile: 5

    • Enabled web filtering categories and exceptions
    • CPU, memory and swap usage values in percent over the last seven days
  • Virus data: The system writes the following data into a file that will be uploaded automatically to the servers of Sophos every 15 minutes.

    • Information about viruses found by web protection, for example threat name, MIME type, URL of the request, or file size.
  • Intrusion prevention data: The IPS log will be checked every minute for new alerts. If there is a new alert, the following data will be sent instantly to Sophos:

    • Information about the alert, for example snort rule identifier and time stamp.
    • Hardware and license information (not the owner), for example CPU total and CPU usage, memory total and memory usage, SWAP total and SWAP usage, system ID, engine version and pattern version.
  • Advanced Threat Protection data: The system generates and uploads advanced threat protection data every 30 minutes.

    • Gathered information: system ID, time stamp, Sophos threat name, source IP, destination host, detection component, detection detail, number of threats, rule identifier.

The data is sent every 24 hours.

Send anonymous application accuracy telemetry data: You can help to improve the recognition and classification abilities of network visibility and application control by participating in the Sophos UTM AppAccuracy Program. If enabled, the system will collect data in form of anonymous application fingerprints and will send that to the research team of Sophos. There the fingerprints will be used to identify unclassified applications and to improve and enlarge the network visibility and application control library.