Skip to content
Any configuration changes made locally on the switch won't be synchronized with Sophos Central. We recommend making changes from the Sophos Central control panel instead.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/switch/help/en-us/index.html?contextId=user-guide-features-security-access-settings

Access

On the Access tab, you can configure settings for the management and CLI interfaces, as well as the authentication method used for both.

Web

Sophos Switch provides a built-in browser interface you can use to configure and manage the switch via HTTPS. On the Web tab, you can manage the settings for HTTPS connections.

You can configure the following settings:

  • Time-out: Enter the amount of time, in minutes, that elapses before the switch disconnects HTTPS sessions. The range is from 0 to 10000. The default is 5.
  • HTTPS service: Select whether the HTTPS service is Turned on or Turned off.

CLI

On the CLI tab, you can configure Telnet and SSH connection options for the switch's CLI.

You can configure the following settings:

  • Time-out: Enter the amount of time, in minutes, that elapses before Telnet and SSH connections time out. The range is from 0 to 10000 minutes. The default is 30.
  • Telnet service: Select whether Telnet service for the switch is Turned on or Turned off. Because Telnet is less secure than SSH, it's turned off by default.
  • SSH service: Select whether the SSH service is Turned on or Turned off.

Click Apply to update the system settings.

Authentication method

Both the web interface and CLI use the same authentication method. On the Authentication method tab, you can choose which method the switch uses to authenticate users signing in to the web interface and CLI.

You can select one of the following options:

  • Local: Authenticate using admin and user accounts created on the switch. See People.
  • RADIUS fallback to local: Authenticate using the configured RADIUS server and fall back to local authentication if the RADIUS authentication fails. See RADIUS server.
  • TACACS+ fallback to local: Authenticate using the configured TACACS+ server and fall back to local authentication if the RADIUS authentication fails. See TACACS+ server.