Sophos XG Firewall Web Interface Reference and Admin Guide v16.5


By default, the Unlimited check box is selected and no restriction is placed on data download for the duration of the policy. Clear the check box to specify the maximum data download allowed by the policy. The user cannot download data once the download network traffic limit is reached.


Figure 444: Individual Network Traffic - Non-Cyclic Policy

4. Click Save.

Note: Cycle Network Traffic limit cannot be greater than Maximum Network Traffic limit.

Network Address Translation

Network Address Translation (NAT) enables multiple hosts within your network to access the Internet through a single public IP address. In doing so, NAT not only conserves the pool of public IP addresses but also conceals the addressing scheme of your network.

When a client within the network sends a request to the Internet, the router forwards the request to the device. NAT translates the sender’s address to the device’s public IP address before forwarding the request to the Internet. When a response is received from an external source, NAT translates the public IP address into the client’s private IP address before forwarding the packet to the client.

The device is shipped with a predefined NAT policy named MASQ which cannot be updated or deleted. The MASQ policy automatically masquerades traffic using the IP address that is bound to the device’s WAN port.
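The translation described above, modelled as an added example (not Sophos code and not part of the original guide). It goes slightly beyond the text by also rewriting the source port, which is what lets several clients share one public address; all addresses are constructed from documentation ranges, and the class and function names are hypothetical.

```python
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"  # constructed: stands in for the IP bound to the WAN port


@dataclass
class Masquerade:
    wan_ip: str
    next_port: int = 40000                        # assumed start of the translated port range
    out_map: dict = field(default_factory=dict)   # (client_ip, client_port, dst_ip, dst_port) -> wan_port
    in_map: dict = field(default_factory=dict)    # (wan_port, remote_ip, remote_port) -> (client_ip, client_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source to the WAN address and record the flow."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            wan_port = self.next_port
            self.next_port += 1
            self.out_map[key] = wan_port
            self.in_map[(wan_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.wan_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a response back to the client; None when no recorded flow matches."""
        if dst_ip != self.wan_ip:
            return None
        client = self.in_map.get((dst_port, src_ip, src_port))
        if client is None:
            return None
        return (src_ip, src_port, client[0], client[1])


def demo():
    nat = Masquerade(WAN_IP)
    # Two clients use the same source port towards the same server.
    a = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    b = nat.outbound("192.168.1.21", 51000, "198.51.100.7", 443)
    # The server's response to flow "a" is mapped back to the first client.
    reply = nat.inbound("198.51.100.7", 443, a[0], a[1])
    # A packet from a host that was never contacted has no mapping in this model.
    stray = nat.inbound("198.51.100.99", 443, a[0], a[1])
    return a, b, reply, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The external server only ever sees the WAN address; the private addresses exist solely in the device's translation table.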

For it to take effect, the NAT policy must be applied to a Firewall Rule (Protect > Firewall). For further details, go to User / Network Rule.

Device Access

The device allows you to create role-based administrator privileges which offer granular access control. It allows you to assign some of the super administrator's capabilities to others through Device Access Profiles. You can create profiles for special-purpose administrators based on their work role. Example: Policy administration, network administration, administration of logs.

The Profiles allow three categories of access control:

• None

• Read-Only

• Read-Write

The device is shipped with the following default profiles:

Administrator: Super administrator with full privileges. Administrator can create custom administrators and assign restricted or full privileges to them. Custom administrators with restricted privileges can update only their email address and password.

Audit Admin: Read-write privileges only to Logs & Reports.

Crypto Admin: Read-write privileges only for configuration of security certificate.

HAProfile: Read-only privileges. If High Availability (HA) is configured, administrators accessing the Admin Console of the auxiliary device have the privileges that are defined in the HA Profile.

Security Admin: Read-write privileges to all features, not including Profiles and Logs & Reports.

Note:

• You cannot modify or delete the default profiles.

• You cannot delete a profile that is currently assigned to an administrator.

Add Profile

The device allows you to create multiple administrator profiles with differing levels of access control.

1. Go to System > Profiles > Device Access and click Add.

2. Enter the profile details.

Profile Name

Enter a unique name to identify the profile.

Configuration

Click to select the level of access to be given to a profile. You can select from the following levels of access:

Available Options:

• None: No access to any page

• Read-Only: View the pages

• Read-Write: Modify the details

To set a common access level for all the menus, select the options at the top (None, Read-Only or Read-Write). To set different access levels, select the option against the menu.

Click on the left side of a menu to view the sub-menu. To set differing access levels for submenus, select the option against the sub-menu.

Example: If you set the access level to Read-Only against Licensing, the profile user can view the Licensing page but cannot make any modifications. To allow modifications, set the access level to Read-Write.

Note:

Access Denied page

When an administrator tries to access a page or perform an operation that is not allowed by the assigned profile, the Access Denied page is displayed.
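A model of how a Device Access profile resolves to an allow or Access Denied decision, useful for reviewing a custom profile before assigning it (added example, not Sophos code and not part of the original guide). The precedence order (sub-menu, then menu, then the common level), the "Log Reviewer" profile and the sub-menu names "Log Settings" and "Log Viewer" are assumptions made for illustration.

```python
from enum import IntEnum


class Access(IntEnum):
    NONE = 0
    READ_ONLY = 1
    READ_WRITE = 2


# Level each operation needs; any operation not listed is refused (fail closed).
REQUIRED = {"view": Access.READ_ONLY, "modify": Access.READ_WRITE}


class Profile:
    def __init__(self, name, common=Access.NONE, menus=None, submenus=None):
        self.name = name
        self.common = common              # option selected at the top for all menus
        self.menus = menus or {}          # menu -> Access
        self.submenus = submenus or {}    # (menu, sub-menu) -> Access

    def level(self, menu, submenu=None):
        # Assumed precedence: sub-menu setting, then menu setting, then common level.
        if (menu, submenu) in self.submenus:
            return self.submenus[(menu, submenu)]
        return self.menus.get(menu, self.common)

    def check(self, operation, menu, submenu=None):
        needed = REQUIRED.get(operation)
        if needed is None or self.level(menu, submenu) < needed:
            return "Access Denied"
        return "Allowed"


def writable(profile, tree):
    """List every menu or sub-menu the profile can modify, for privilege review."""
    paths = []
    for menu, subs in tree.items():
        if profile.level(menu) == Access.READ_WRITE:
            paths.append(menu)
        paths += [f"{menu} > {s}" for s in subs
                  if profile.level(menu, s) == Access.READ_WRITE]
    return paths


# Constructed menu tree; the sub-menu names are hypothetical.
TREE = {"Licensing": [], "Profiles": [], "Logs & Reports": ["Log Settings", "Log Viewer"]}

# Hypothetical custom profile: no access by default, with two menus opened up.
REVIEWER = Profile(
    "Log Reviewer",
    common=Access.NONE,
    menus={"Licensing": Access.READ_ONLY, "Logs & Reports": Access.READ_WRITE},
    submenus={("Logs & Reports", "Log Settings"): Access.READ_ONLY},
)
```

Running `writable(REVIEWER, TREE)` before assigning a profile shows exactly where it grants Read-Write, which is the list to compare against the administrator's work role.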


Key Features

  • Firewall rules
  • Web filtering
  • Intrusion prevention
  • VPN
  • Wireless management
  • Email security
  • Advanced threat protection


Frequently Asked Questions

What is the purpose of Sophos XG Firewall?
Sophos XG Firewall is a network security appliance designed to protect your network from threats.
What are the key features of Sophos XG Firewall?
Key features include firewall rules, web filtering, intrusion prevention, VPN, wireless management, email security, and advanced threat protection.
How do I access the Sophos XG Firewall web interface?
You can access the Sophos XG Firewall web interface by entering the IP address of the appliance in your web browser.
How do I configure basic firewall rules?
You can configure basic firewall rules by creating a new rule in the Firewall section of the web interface.
How do I enable web filtering?
You can enable web filtering by creating a new web filter policy in the Web section of the web interface.
What is the difference between a user rule and a network rule?
A user rule applies to a specific user, while a network rule applies to a specific network.
How do I create a VPN tunnel?
You can create a VPN tunnel by creating a new IPsec connection in the VPN section of the web interface.
