Skip to content
Avanet

Sophos portals: SophosID, Central, Support and Firewall access

Sophos has several portals that are easily confused in everyday life: SophosID, Sophos Central, Support Portal, local firewall WebAdmin, User Portal, VPN Portal, Captive Portal and documentation. It is important for admins which portal is intended for which purpose, which login is used and which accesses are security-critical.

This overview classifies the most important Sophos portals. The article is aimed primarily at admins who operate Sophos Firewall, Sophos Central or Remote Access and who need to quickly know where which task is being carried out in the event of support.

Quick overview

The most important portals:

  • SophosID: personal Sophos account for logging into Sophos services and accessing support and licensing features.
  • Sophos Central: Cloud management for products, users, devices, licenses, firewall management and reports.
  • Sophos Support Portal: Support cases, RMAs, Sophos KB and support communications.
  • Sophos Firewall WebAdmin: local firewall management for rules, VPN, NAT, certificates, logs, firmware and Device Access.
  • User Portal: User functions such as OTP, quarantine, downloads or older remote access functions.
  • VPN Portal: Remote Access with Sophos Connect download, VPN configurations and user access.
  • Captive Portal: User login for network access, guests or internal users via browser login.
  • Sophos Docs and Release Notes: current manuals, release notes and known limitations.

Not every portal is relevant in every environment. A pure Sophos Firewall installation without a central endpoint needs different access than a company with Sophos Central, MDR, ZTNA and several firewalls.

Sophos account and cloud portalsThese portals lie outside the local firewall and concern account, licensing, cloud management or support. They become particularly important when there are multiple admins, Sophos Central or a support case in play.

SophosID

The SophosID is the personal Sophos account. SophosID is used for several Sophos services, such as support, account and licensing functions, or access to certain Sophos portals.

Open SophosID:

SophosID Open account

Important for operation:

  • SophosID accounts should be personal, not a shared team login.
  • MFA should be enabled if Sophos offers it for the respective access.
  • If you leave, personal access must be removed from Sophos Central, support and license contexts.
  • Roles and responsibilities should be documented for service providers or multiple admins.

If a Sophos Firewall needs to be transferred to another account, Transfer Sophos Firewall to another Sophos Central account will help.

Sophos CentralSophos Central is the cloud management platform for many current Sophos products. Depending on the license, endpoint, server, email, wireless, ZTNA, firewall management, reporting, MDR/XDR and other functions are managed there.

Open Sophos Central:

Call Sophos Central

Further introductions:

For Sophos Firewall, Sophos Central is particularly relevant if firewalls are to be registered, centrally managed, inventoried or included in Central Firewall Reporting. The connection process is described in Connect Sophos Firewall to Sophos Central. Activate Central Firewall Reporting is suitable for reporting.

Important admin points:

  • Central admins should have their own accounts and appropriate roles.
  • MFA and admin roles should be checked regularly.
  • License status and terms are part of the operating process.
  • Changes via Sophos Central can be made more traceable in audit logs in current SFOS versions.
  • If there are multiple Central accounts, it should be clear which tenant contains which firewalls and licenses.Sophos Central Check licenses is suitable for license exams. Sophos Central administrative roles is relevant for permissions in Central. For larger structures, What is Sophos Central Enterprise? is the better start.

Sophos Support Portal

Support cases and RMAs are opened and managed in the Sophos Support Portal. It is also the entry point for many public Sophos KB articles.

Open support portal:

Go to the Sophos Support Portal

For support cases, you should clarify in advance:

  • Is there a valid support authorization or appropriate license?
  • Which serial number or central tenant ID is affected?
  • Which firmware version, appliance, logs and error messages are relevant?
  • Are there screenshots, time windows and reproducible steps?
  • Who can be reached internally for questions?

The practical procedure is in How to open a support ticket with Sophos. If Sophos requires access to a firewall, it should be set up in a controlled manner and then removed again. Set up Avanet support access on Sophos Firewall is suitable for this.

Local Sophos Firewall portals

The following portals run on or in the immediate vicinity of Sophos Firewall. Because they are closer to the productive network, they should be activated, named and secured with particular care.

Local Sophos Firewall WebAdmin

The WebAdmin Console is the local administration interface of the Sophos Firewall. Access typically occurs via the firewall IP and the configured HTTPS port.

Typical tasks:

  • Configure firewall rules, NAT and routing
  • Manage VPN, certificates and authentication
  • Check logs, Packet Capture and diagnoses
  • Perform firmware updates and backups
  • Device Access, secure MFA and admin access

The WebAdmin Console is not a normal web portal, but direct management access to the firewall. This access should only be possible from trustworthy networks. The most important connection item is Sophos Firewall Secure access: Configure Device Access correctly.

Sophos Firewall Getting Started is suitable for getting started with a new firewall. Enable MFA for Sophos Firewall WebAdmin, VPN Portal and Remote Access is relevant for Admin MFA.

User Portal, VPN Portal and Captive Portal

User Portal and VPN Portal are often confused. Both are local services of Sophos Firewall, but they perform different tasks and should only be activated when they are really needed.The User Portal is used for user functions such as OTP, personal downloads, or legacy VPN functions depending on the environment. The VPN Portal is particularly relevant in current remote access scenarios for Sophos Connect and VPN configuration downloads.

A sensible rule of thumb:

  • User Portal: For internal or known users, such as OTP, personal options or legacy user functions. Typical error: The portal remains publicly accessible even though it is no longer needed.
  • VPN Portal: For remote access users, Sophos Connect, SSL VPN profiles and remote access configurations. Typical error: Users do not see downloads because the policy, group or authentication does not match.
  • Captive Portal: For users on the network, browser login, user-based rules or guest access. Typical error: It is confused with the VPN Portal or used without a clear logout/session concept.

Important points:- All three portals are login areas and therefore security critical.

  • Accessibility is controlled via Administration > Device access.
  • Public accessibility should only be done consciously and with MFA, logging and tight access control.
  • Old portals often remain open even though users no longer need them after the rollout.
  • After changes to the VPN portal, certificate, DNS or user groups, profiles may need to be reimported.

Sophos Connect or SSL VPN: Which remote access solution is suitable? is suitable for the remote access decision. Sophos Connect Check client version and update safely helps with client updates and profile maintenance.

If a user is logged into the VPN Portal but configuration downloads like .ovpn fail unexpectedly, the Sophos Firewall User ID limit should also be checked in addition to permissions and MFA.

For new SSL VPN environments, you should first check the firewall configuration and portal dependencies. The process is in Sophos Firewall SSL VPN Set up remote access.

Plan certificates, FQDNs and portal namesPortal problems often seem like a login or VPN error to users, but they start with DNS and certificates. If WebAdmin, VPN Portal, User Portal, Captive Portal and WAF are running on similar host names or the same WAN address, you should deliberately separate and document the names.

Typical planning:

  • WebAdmin: Example admin.example.com. Make it only accessible from management networks, use the appropriate certificate and activate MFA.
  • VPN Portal: Example vpn.example.com. Certificate must match the download profile, Device Access should be set deliberately.
  • User Portal: Example portal.example.com. Only leave active if user functions are really needed.
  • Captive Portal: Example login.example.com. Test certificate, zone, session timeout and logout behavior.
  • WAF application: Example app.example.com. Check WAF rule, SNI, domains and backend host together.

If the firewall itself is to obtain public certificates, Sophos Firewall Set up Let’s Encrypt certificates is suitable. For shared wildcard certificates across multiple systems, Create Let’s Encrypt wildcard certificate is the better start.The operating sequence is important: First plan FQDN, DNS and certificate, then limit portal access via Administration > Device access and Local Service ACL, then distribute remote access profiles or WAF rules. If a certificate or portal FQDN is subsequently changed, Sophos Connect profiles, .ovpn files, bookmarks and monitoring usually also need to be checked.

Captive Portal correctly classify

The Captive Portal is not a remote access portal. It is used when users on the network should first complete a browser login before the firewall can associate the traffic with a user identity. This can be useful for guests, BYOD devices, or environments without transparent user identification.

Typical applications:

  • Guests or BYOD devices must log in before internet access is allowed.
  • User-based firewall rules should take effect even though no STAS, SATC or other transparent mechanism is available.
  • Individual networks need simple user mapping without full endpoint integration.Captive Portal should not be seen as a replacement for clean network segmentation. If a network is particularly worth protecting, separation via zones, VLANs and clear firewall rules remain more important. The basics are in Plan zones and interfaces on Sophos Firewall. For classic user connection with Active Directory, Integrate Active Directory into Sophos Firewall is suitable.

If Captive Portal is to be operated with Microsoft Entra ID SSO, the process is different than for VPN Portal or Sophos Connect. Set up Microsoft Entra ID SSO for Sophos Firewall Captive Portal is suitable for this.

Important in operation:

  • Captive Portal needs accessible local firewall services. Device Access and Local Service ACL must match this.
  • Session timeouts should match the environment. Sessions that are too long dilute user allocation, sessions that are too short disrupt users.
  • Logout, group mapping and Log Viewer should be tested with real test users.
  • In networks with sensitive systems, Captive Portal is usually not strong enough as a sole control.If Captive Portal cannot be reached from a network, you should not change normal firewall rules first. Often the cause is Administration > Device access, Local Service ACL Exception Rules, DNS, certificate or incorrect zone mapping. Device Access and Local Service ACL to Sophos Firewall is suitable for local access control.

Operations, documentation and security

In addition to the right portal, it is crucial that access, documentation and operational processes are checked regularly.

Check documentation specifically

For current technical details, official Sophos Docs and release notes are more important than old blog posts or screenshots. Especially with SFOS versions, Sophos Connect, license changes, platform support and known limitations, you should check version-dependent information before making a productive change. Such sources should only be linked in the article itself if the admin really needs to open them for the specific work step.

When it comes to firmware topics, it’s not just download availability that counts. Before an update, the platform, upgrade path, backup, HA state and known blockers are important. The process is in Check Sophos Firewall before SFOS 22 upgrade and Sophos Firewall Firmware Update - Preparation and Best Practices.

Security check for portal access

Portals are convenient, but every login is a potential attack surface. That’s why you should check regularly:

  • Which SophosID and Central admins still exist?
  • Is MFA active for SophosID, Sophos Central and firewall admins?
  • Are WebAdmin, SSH, User Portal, VPN Portal and SSL VPN only accessible where they are needed?
  • Are there shared admin accounts that should be replaced?
  • Are failed logins checked regularly?
  • Are old VPN profiles, old users and former service providers removed?
  • Is there a fresh backup and known recovery access?

For local firewall services, Device Access is the central control point. Sophos Firewall Send syslog to SIEM makes sense for longer log storage or security monitoring.

FAQ

Is SophosID the same as Sophos Central?

No. SophosID is the personal account or identity for Sophos services. Sophos Central is the cloud management platform where products, devices, users, licenses and security functions are managed.

Which portal do you need for a Sophos Firewall?

For local operation you need the WebAdmin Console firewall. SophosID, Sophos Central and the support portal may also be relevant for registration, licensing, support, central management or reporting.

Where do you open a Sophos support ticket?

Support tickets are opened in the Sophos Support Portal. Serial number, license status, firmware version, error description, logs and time windows should be collected beforehand.

Should the User Portal or VPN Portal be accessible from the Internet?

Only when it is really needed. If a portal is publicly accessible, MFA, Device Access, ACL exception rules, logging and regular checks should be properly implemented.

Is Captive Portal an alternative to VPN Portal?

No. Captive Portal is intended for users on the local network who log in via browser so that the firewall can associate traffic with a user identity. VPN Portal and Remote Access, on the other hand, enable external access to internal resources.

Where can you find the current Sophos Firewall release notes?

The current release notes are in the official Sophos documentation. When planning an upgrade, you should also check existing Avanet KB articles on firmware, backup, HA and remote access.