The administrator login session can be managed by configuring the inactivity timeout duration; after the configured period of time, the administrator's session is either locked or logged off. If Lock Admin Session was selected, the session is preserved and the administrator can resume the session after entering the password again. If Logout Admin Session was selected, the administrator is logged out and the session expires.
To prevent unauthorized access to the appliance, configure a proper Inactivity Timeout for administrator sessions.
Scenario: Configure Sophos XG Firewall to lock the admin session after 3 minutes of inactivity. Sophos XG Firewall will also logout the administrator after 5 minutes of inactivity.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall Applicable Version: 16.X.X onwards
You must be logged in to the Admin Console as an administrator with Read-Write permissions for the relevant feature(s).
The Lock Admin Session configuration is applicable to the following Sophos Firewall components:
To change the inactivity timeout duration for logging out the admin session:
Note: The Logout Admin Session must be higher than the Lock Admin Session.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.