Sophos Firewall: Profile Management for Device Access in Sophos Firewall

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Overview

Overview

This article will help customize the user profile to allow access to specific modules in Sophos Firewall and will also discuss the steps to manage the user profile for device access.

Let’s take an example wherein you need to allow only “VPN access” to the user who handles the VPN infrastructure in your organization.

In this case, we can create a customized profile that requires privileges to only allow “VPN module”.

Note: Please be advised of the following:

Reverting it to the default group isn’t possible once given Administrator rights
In over to revert its permission, the User profile needs to be recreated.

Step1:Add Custom Profile

Log in to the Sophos Firewall
From the admin account, go to Profile > Device Access, and Add the custom profile for the “VPN Administrator”.

Note: Firewall already has a few default profiles created that can be used as per the requirement, else the customer profile can be created.

Default profiles can't be EDITED or DELETED.

Step2: Allowing Read-Write Access

Click the Radio button for VPN Module. Select the following below:

Connect Tunnel
Other VPN Configurations

Note: In the snapshot, we allowed the “Control Center” and “Logs & Reports” access to users with “Read-Only” privileges.

This is for visibility purposes. The rest of the modules are “None”.

Here, we can see the custom profile is created for the VPN admin.

Step3:Assigning the Administrator Role

We would need to assign this profile to the user who has the Administrator role.

Go to Authentication > Users and Edit the Administrator profile of the user, then assign the required custom Profile.

Note:

If the user doesn’t have an administrator role, then you can edit the user type from Authentication > Users.
We can change Profile from User to Administrator without creating the new profile, however, Administrator profile can not be revert/change to User profile. To change the Administrator profile to user profile you need to delete the specific "User" and recreate it with required role/user type.

After assigning the profile, the user needs to log in with the correct credentials, and they can only be able to change the VPN tab.

The user won’t have access to other tabs and will see a message indicating that they have no rights to perform the operation.

Updated Disclaimer
[edited by: Erick Jan at 9:50 AM (GMT -7) on 17 Apr 2023]

Top Replies

Erick Jan over 2 years ago in reply to Prism +3

Hi Prism, Thank you for the feedback, will add this.

Prism over 2 years ago

Hello!

I recommend you to add a note showcasing it isn't possible to revert a user back to the default group after giving it Administrator rights.

In order to revert the permission you will need to recreate the user.

Thanks!

If a post solves your question use the 'Verify Answer' button.

XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Cancel
Erick Jan over 2 years ago in reply to Prism

Hi Prism,

Thank you for the feedback, will add this.

Erick Jan
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +3 Vote Down

Sign in to reply

Cancel
Arkita Thakkar over 2 years ago in reply to Prism

Hi Prism,

Thank you for the feedback, the information we have updated.

Arkita Thakkar

Senior Technical Support Engineer L2 (NSG) | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
Cancel
Vote Up +1 Vote Down

Sign in to reply

Cancel