Sophos Firewall: Profile Management for Device Access in Sophos Firewall

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview

This Recommended Read explains how to customize a user profile to allow access to specific modules in Sophos Firewall, and covers the steps to manage the user profile for device access.

Let’s take an example: You need to allow only “VPN access” to the user who handles the VPN infrastructure in your organization.

In this case, we can create a customized profile whose privileges allow only the “VPN module.”

Note: Please be advised of the following:

  • Once a user has been given Administrator rights, reverting it to the default group isn’t possible.
  • To revert its permission, the user profile needs to be recreated.

Step 1: Add Custom Profile

  • Log in to the Sophos Firewall
  • From the admin account, go to System > Profiles > Device Access and add the custom profile for the “VPN Administrator”.


Note: The firewall already has a few default profiles that can be used as required; otherwise, a custom profile can be created.

Default profiles can't be edited or deleted.

Step 2: Allowing Read-Write Access

Click the radio button for the VPN module, then select the following:

  • Connect Tunnel
  • Other VPN Configurations

Note: In the snapshot, we gave the user “Read-Only” access to the “Control Center” and “Logs & Reports” modules.

This is for visibility purposes. The rest of the modules are set to “None”.

  • Here, we can see the custom profile is created for the VPN admin.

Step 3: Assigning the Administrator Role

We would need to assign this profile to the user who has the Administrator role.

Go to Authentication > Users and Edit the Administrator profile of the user, then assign the required custom Profile.

Note:

  • If the user doesn’t have an administrator role, you can edit the user type from Authentication > Users.
  • We can change the profile from User to Administrator without creating a new profile. However, an Administrator profile cannot be reverted or changed back to a User profile. To change an Administrator profile to a User profile, you need to delete the specific user and recreate it with the required role/user type.

After the profile is assigned, the user needs to log in with the correct credentials and will only be able to make changes in the VPN tab.

The user won’t have access to other tabs and will see a message indicating, "You do not have the privilege to access the page or perform the operation."





Revamped - Formatting, Grammar
[edited by: Raphael Alganes at 11:30 AM (GMT -8) on 18 Nov 2024]