Online guide https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Administration/SNMP/AdministrationSNMPUserAdd/index.html.
The following statement on the online guide is wrong:
"You can add an SNMPv3 user and the authorized hosts. You can specify encryption and authentication settings to ensure confidentiality, message integrity, and user validity."
However you cannot add authorized hosts, because actually there is no way to filter SNMPv3 with a list of authorized hosts. You can't filter SNMPv3 at all. If you enable it on WAN it will become public. That list should be renamed as "Trap hosts":
"You can add an SNMPv3 user and the list of trap hosts. You can specify encryption and authentication settings to ensure confidentiality, message integrity, and user validity."
This error is very confusing, because there likely are lots of users which believe to protect a public SNMPv3 with a filter defined by the list of "authorized hosts".
Regards.