Sophos XG Firewall Web Interface Reference and Admin Guide v16.5
Sophos XG Firewall is a comprehensive network security solution that protects your network from threats, including malware, viruses, and intrusions. It is designed to be easy to use and manage, and offers a wide range of features to help you secure your network.
Figure 393: Captive Portal Settings
Groups
The Groups page displays a list of all the default and custom groups.
A group is a collection of users who share common policies and can be managed as a single unit, which makes it possible to assign various policies to a number of users in one operation. Users that belong to a particular group are referred to as group users.
A group can contain default as well as custom policies.
Various policies that can be grouped are:
• Surfing quota policy which specifies the duration of surfing time and the period of subscription
• Access time policy which specifies the time period during which the user will be allowed access
• Network traffic policy which specifies the time allocated to cyclic/non-cyclic network traffic
• Traffic shaping policy which specifies the bandwidth allocated for upload and download traffic
• Remote access policy which controls the access of remote clients
• Clientless policy which controls the access of clientless users
Creating a New User Group
This page describes how to configure a user group.
Once the appropriate group is assigned, the user will automatically inherit all the policies added to the group.
1. Go to Configure > Authentication > Groups and click Add.
2. Specify the user group details.
Group Name
Enter a unique name for the group.
Description
Specify a description for the group.
Group Type
Select the group type.
Available Options:
• Normal - The user of this group needs to log on using the client device to access the Internet.
• Clientless - The user of this group does not need to log on using the client device to access the Internet and is symbolically represented by "group name (C)". Access control is performed through the IP address.
Figure 394: User Group Details
3. Specify the Policies.
Surfing Quota
Select the surfing quota policy from the list.
Note: For the group type Clientless, the option Unlimited is automatically applied.
Access Time
Select the access time policy from the list.
Note: For the group type Clientless, the option Unlimited is automatically applied.
Network Traffic (not available for the Clientless group)
Select the network traffic policy from the list.
The configured policy will be applicable to all the users who are members of this group.
Traffic Shaping
Select the traffic shaping policy from the list.
The configured policy will be applicable to all the users who are members of this group.
Remote Access
By default, the user will inherit his group's policy. To override the group policy, select a policy from the list.
You can also create a new policy directly on this page or from VPN > SSL VPN (Remote Access) > VPN > SSL VPN (Remote Access) page.
If a user shall not be provided SSL VPN access then select No Policy Applied.
Clientless
By default, the user will inherit his group's policy. To override the group policy, select the policy from the list.
You can also create a new policy directly on this page or from VPN > Clientless Access > VPN > Clientless Access page.
If a user shall not be provided SSL VPN access then select No Policy Applied.
Quarantine Digest
Configure quarantine digest.
Quarantine digest is an email containing a list of quarantined spam messages filtered by the device and held in the user quarantine area. If configured, the device will mail the digest on an hourly, daily or weekly basis to the user. The digest also provides a link to the User Portal, from where the user can access and take action on quarantined messages.
Available Options:
• Enable - The user will receive the quarantine digest at the configured frequency. This setting overrides the group setting.
• Disable - The user will not receive quarantine digest. This setting overrides the group setting.
Note: Quarantine digest is not applicable to Wi-Fi devices.
MAC Binding
Enable to bind the user to a MAC address. By binding a user to a MAC address, you are mapping the user with a group of MAC addresses.
L2TP (not available for the Clientless group)
Enable to grant group members access through an L2TP connection.
PPTP (not available for the Clientless group)
Enable to grant group members access through a PPTP connection.
Login Restriction (not available for the Clientless group)
Select the appropriate option to specify the login restriction for the group.
Available Options:
• Any Node - Select to allow a user to log in from any of the nodes in the network.
• Selected Nodes - Select to restrict user login to the specified nodes. Specify an IP address. For an existing group, you can add further nodes, edit a node or remove a node.
• Node Range - Select to allow the user to log in from a range of IP addresses. Specify the IP address range.
For the options Selected Nodes and Node Range, only IPv4 addresses are permitted.
Figure 395: Policies
4. Click Save.
Note: User configuration (MAC binding and policies) is given precedence over the group configuration.
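The following is an added illustration, not Sophos code and not part of the guide, of how the Login Restriction options and the user-over-group precedence described above can be modelled when auditing group definitions. The dictionary field names, the mode strings and all sample values are assumptions constructed for this sketch.

```python
import ipaddress

# Constructed sample data; field names are assumptions for this sketch,
# not the firewall's configuration schema.
GROUP = {
    "name": "Contractors",
    "login_restriction": {"mode": "node_range",
                          "start": "10.20.0.10", "end": "10.20.0.50"},
    "mac_binding": False,
    "traffic_shaping": "Contractor-2Mbps",
}
USER = {
    "name": "jdoe",
    "group": "Contractors",
    # Only settings configured on the user itself; the rest is inherited.
    "overrides": {"mac_binding": True},
}


def effective_settings(user, group):
    """Merge group settings with user settings; the user's values win."""
    merged = {k: v for k, v in group.items() if k != "name"}
    merged.update(user.get("overrides", {}))
    return merged


def _ipv4(text):
    """Parse an IPv4 address; Selected Nodes and Node Range are IPv4 only."""
    return ipaddress.IPv4Address(text)  # AddressValueError on IPv6 or garbage


def login_allowed(restriction, source_ip):
    """Evaluate Any Node / Selected Nodes / Node Range for one source address."""
    mode = restriction["mode"]
    if mode == "any_node":
        return True
    try:
        src = _ipv4(source_ip)
    except ipaddress.AddressValueError:
        return False  # a non-IPv4 source cannot match an IPv4-only list
    if mode == "selected_nodes":
        return src in {_ipv4(n) for n in restriction["nodes"]}
    if mode == "node_range":
        start, end = _ipv4(restriction["start"]), _ipv4(restriction["end"])
        if start > end:
            raise ValueError("node range start is above its end")
        return start <= src <= end  # both ends of the range are inclusive here
    raise ValueError(f"unknown login restriction mode: {mode!r}")
```

Treating both ends of the node range as inclusive is an assumption of this sketch; confirm the boundary behaviour on the device before relying on it in an audit.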
Adding Users to the Existing Groups
This page describes how to add a user to an existing group.
1. Go to Configure > Authentication > Groups.
2. Select the group to which you want to add the users by clicking the respective icon in the Manage column.
3. Click Add Member(s).
A pop-up window Add Group Member appears, providing a list of all the users who can be added to the group along with some details. To search for a user, filter the list based on the name and/or the current group.
4. Select the user you want to add to the group. You can select a single user or multiple users on the same page.
5. Click Add to confirm adding the member to the group.
6. Click Save.
The user is added to the group. You can check this by editing the group and clicking the Show Group Members button.
Viewing List of Group Members
This page describes how to check a user's membership in a group.
1. Go to Configure > Authentication > Groups.
2. Select the group for which you want to view the group members and click the edit icon in the Manage column.