[Latest 2026] Sophos Firewall: Guide to Monitoring & Exporting Reports From Sophos Firewall V22

Table of Contents

I – Overview of Monitoring and Exporting Reports From Sophos Firewall V22

This article aims to:

  • Guide how to view and filter logs on Sophos Firewall.
  • Guide reading and exporting reports for operation and reporting.
  • Help administrators quickly detect issues and security threats.

Through this, help the system be monitored effectively and operate more securely.

II – Details on Monitoring and Exporting Reports From Sophos Firewall V22

1. Introduction to Report & Log Features of Sophos Firewall

1.1 – Dashboards

View information about network traffic passing through the firewall and security threats.

The main dashboard types include:

User threat quotient (UTQ): ranks users based on security risk score

Traffic dashboard: classification by network traffic

Security dashboard: blocked activities and threats: malware, IPS, spam, attack sources

Executive report: summary information for managers: highlighted traffic & threats

1.2 – Application & Webs

View information about application and Internet usage on your network.

Application Risk Meter is the method by which the Firewall calculates a score based on the risk level and the number of accesses (hits) of each application.
The application risk index is determined based on the average score of all application traffic.

The setting groups that can be monitored in this section include:

  • User app risks & usage: Statistics on the usage of applications and their corresponding risk levels.
  • Cloud applications usage: Statistics on the usage of cloud applications.
  • Blocked user apps: Instances where application access was blocked.
  • Synchronized applications: Applications that are classified and synchronized from endpoints to the firewall.
  • Web risks & usage: Web access activity within the network and related risks.
  • Blocked web attempts: Instances where web access attempts were blocked.
  • Search engine: Statistics of users’ search behavior.
  • Web content: Matches from the content filtering system and related information.
  • Web server usage: Traffic of Applications, Web, Internet, and FTP.
  • Web server protection: Security status of Web Servers, including attacks and attack sources.
  • User data transfer: User traffic.
  • FTP usage: FTP activity.
  • FTP protection: Malicious FTP activity.

1.3 – Networks & Threat

Displays information about network usage and related threats

Các nhóm Setting có thể theo dõi trong phần này, bao gồm:

  • Intrusion attacks: Attack attempts.
  • Active threat response: Threat events and compromised machines detected by MDR (Managed Detection and Response) and Sophos X-Ops.
  • Wireless: Access points and SSIDs being used.
  • Security Heartbeat: The health status of endpoints within the network based on the connection between the endpoint and the Firewall.
  • Zero-day protection: Advanced protection against new attacks.

1.4 – VPN

View information about remote users (users connecting remotely) to your network system through IPsec VPN, SSL VPN, and Clientless Access.

The setting groups that can be monitored in this section include:

  • VPN: Traffic generated by remote users through IPsec, L2TP, or PPTP.
  • SSL VPN: Traffic generated by remote users through the SSL VPN Client.
  • Clientless Access: Traffic generated by remote users through a web browser.

1.5 – Email

View information about email traffic in the network system.

The setting groups that can be monitored in this section include:

  • Email Protection: Email traffic in the network system that contains viruses and spam.
  • Email Usage: Email traffic within the network system.

1.6 – Compliance

View information about compliance with regulations/standards:

The standard groups that can be monitored in this section include:

  • HIPAA: Security Report compliant with the HIPAA standard.
  • GLBA: Security Report compliant with the GLBA standard.
  • SOX: Security Report compliant with the SOX standard.
  • FISMA: Security Report compliant with the FISMA standard.
  • PCI: Security Report compliant with the PCI standard.
  • NERC CIP v3: Security Report compliant with the NERC CIP v3 standard.
  • CIPA: Security Report compliant with the CIPA standard.
  • Events: Network events and their corresponding severity levels.

1.7 – Custom

Tạo báo cáo bao gồm các tiêu chí được chỉ định.

The types of reports that can be created in this section include:

  • Web Report: Search for web browsing activity or viruses. Can be filtered by user, domain, and other criteria.
  • Mail Report: Search for Email traffic, Spam, and Viruses. Can be filtered by protocol, user, and other criteria.
  • FTP Report: Search for FTP activity and viruses. Can be filtered by transfer type, user, file, or source IP.
  • User Report: Statistics on usage levels such as high-risk applications, ineffective websites, and detected viruses. Can be filtered by username and source host.
  • Web Server Report: Search for Web Server activity (time, user, URI) as well as Web Server protection events.

1.8 – Log Viewer

The Log Viewer displays system event logs and automatically updates in real time.

To access it, click Log Viewer in the top-right corner of the Sophos Firewall interface.

A new Log Viewer window will appear, and administrators can view logs in real time here.

Administrators can choose specific log types to monitor, such as:

  • Admin
  • Active Threat Response
  • Application filter
  • Authentication
  • Email
  • Firewall
  • IPS
  • Malware
  • Security Heartbeat
  • SSL/TLS inspection
  • SD-WAN
  • System
  • VPN
  • Web content policy
  • Web filter
  • Web server protection
  • Zero-day protection

2. How to export reports on Sophos Firewall

During system administration, administrators often need report files summarizing system usage and important threats.

Therefore, in this guide the Executive Report is selected to perform report exporting.

To export a scheduled report, select Show Report Settings.

Choose Report Scheduling, then click Add.

Enter the following information:

  • Name: name of the report schedule
  • Description: optional description
  • To email address: email address receiving the report (multiple emails can be entered)
  • Report type: select the type (for example: Report group)
  • Report group: choose the appropriate report group (for example: Executive Report)
  • Email frequency: choose Daily or Weekly and the time to send the report via email

After completing the information, click Save.

translate this post to english exactly: I – Tổng quan về Activate và Renew License Sophos Firewall Bài viết hướng dẫn cách activate và renew license Sophos Firewall thông qua Sophos Central. Sophos Central là nền tảng quản lý tập trung cho phép quản lý thiết bị, license và đồng bộ trạng thái license từ cloud về firewall. II – Hướng dẫn Activate License Sophos Firewall 1. Tạo tài khoản Sophos Central Nếu chưa có tài khoản Sophos Central, tham khảo: https://thegioifirewall.com/sophos-central-huong-dan-tao-tai-khoan-sophos-central-trial/ Đăng nhập Sophos Central bằng tài khoản Super Admin. 2. Claim thiết bị Sophos Firewall – Vào Account → Licensing Firewall licenses – Chọn Firewall licenses  – Chọn Claim firewall  – Nhập Serial Number thiết bị  Sau khi claim thành công, thiết bị sẽ hiển thị trong danh sách quản lý. 3. Apply License cho thiết bị – Chọn thiết bị → Apply subscriptions – Nhập License Key – Preview subscription → Apply license 4. Đồng bộ License về Firewall – Vào Sophos Firewall → Administrator → Device access – Nhấn Synchronize III – Lưu ý khi Renew License Sophos Firewall Đối với các lần gia hạn (renew) license trong tương lai, cần lưu ý – License Number: chỉ dùng để tracking và support, không dùng để activate. – License Key: bắt buộc để kích hoạt hoặc renew license. 1. Cơ chế đồng bộ license khi renew: Trong hầu hết các trường hợp, nếu Sophos Firewall đã được liên kết đúng Sophos Central account, license sau khi renew sẽ tự động đồng bộ xuống thiết bị mà không cần thao tác thủ công. Tuy nhiên, nếu license không tự đồng bộ và vẫn hiển thị trạng thái Expired, bạn có thể thực hiện các bước sau: Kiểm tra license trong Sophos Central hoặc Sophos Partner Portal để xác định License Key tương ứng Thực hiện apply License Key thủ công cho thiết bị Firewall (theo hướng dẫn ở Mục II.3) 2. Trường hợp không nhận được License Key: Nếu email gia hạn không chứa License Key, khuyến nghị: Kiểm tra lại thông tin license trong Sophos Portal Hoặc liên hệ Sophos Support / Partner để xác nhận chính xác License Key trước khi apply

I – Overview of Activate and Renew License Sophos Firewall

This article guides how to activate and renew a Sophos Firewall license through Sophos Central.
Sophos Central is a centralized management platform that allows management of devices, licenses, and synchronization of license status from the cloud to the firewall.

II – Guide to Activate Sophos Firewall License

1. Create a Sophos Central account

If you do not have a Sophos Central account yet, refer to:
https://thegioifirewall.com/sophos-central-huong-dan-tao-tai-khoan-sophos-central-trial/

Log in to Sophos Central using a Super Admin account.

2. Claim the Sophos Firewall device

  • Go to Account → Licensing Firewall licenses
  • Select Firewall licenses
  • Select Claim firewall
  • Enter the device Serial Number

After a successful claim, the device will appear in the management list.

3. Apply License to the device

  • Select the device → Apply subscriptions
  • Enter the License Key
  • Preview subscription → Apply license

4. Synchronize License to the Firewall

  • Go to Sophos Firewall → Administrator → Device access
  • Click Synchronize

III – Notes when Renewing Sophos Firewall License

For future license renewals, please note:

  • License Number: only used for tracking and support, not used for activation.
  • License Key: required to activate or renew the license.

1. License synchronization mechanism when renewing

In most cases, if the Sophos Firewall has been properly linked to the Sophos Central account, the license after renewal will automatically synchronize to the device without requiring manual action.

However, if the license does not automatically synchronize and still shows Expired status, you can perform the following steps:

Check the license in Sophos Central or Sophos Partner Portal to determine the corresponding License Key

Manually apply the License Key to the Firewall device (according to the instructions in Section II.3)

2. Case when the License Key is not received

If the renewal email does not contain the License Key, it is recommended to:

Check the license information again in the Sophos Portal

Or contact Sophos Support / Partner to confirm the correct License Key before applying it.

translate this post to english exactly:https://vacif.com/moi-nhat-2026-huong-dan-activate-renew-license-sophos-firewall/

Here is the exact English translation of the post from:
[MỚI NHẤT 2026] – HƯỚNG DẪN ACTIVATE & RENEW LICENSE SOPHOS FIREWALL

[LATEST 2026] – GUIDE TO ACTIVATE & RENEW SOPHOS FIREWALL LICENSE

I – Overview of Activate and Renew Sophos Firewall License

This article guides how to activate and renew the Sophos Firewall license through Sophos Central.

Sophos Central is a centralized management platform that allows managing devices, licenses, and synchronizing license status from the cloud to the firewall. 

II – Guide to Activate Sophos Firewall License

1. Create a Sophos Central account

If you do not yet have a Sophos Central account, refer to:
https://thegioifirewall.com/sophos-central-huong-dan-tao-tai-khoan-sophos-central-trial/

Log in to Sophos Central using a Super Admin account.

2. Claim the Sophos Firewall device

  • Go to Account → Licensing → Firewall licenses
  • Select Firewall licenses
  • Select Claim firewall
  • Enter the device Serial Number

After claiming successfully, the device will appear in the management list.

3. Apply License to the device

  • Select the device → Apply subscriptions
  • Enter the License Key
  • Preview subscription → Apply license

4. Synchronize License to the Firewall

  • Go to Sophos Firewall → Administrator → Device access
  • Click Synchronize

III – Notes when Renewing Sophos Firewall License

For future license renewals, please note:

  • License Number: only used for tracking and support, not used for activation.
  • License Key: required to activate or renew the license.

1. License synchronization mechanism when renewing

In most cases, if the Sophos Firewall has been correctly linked to the Sophos Central account, the license after renewal will automatically synchronize to the device without requiring manual operations.

However, if the license does not automatically synchronize and still shows the Expired status, you can perform the following steps:

  • Check the license in Sophos Central or Sophos Partner Portal to determine the corresponding License Key
  • Manually apply the License Key to the Firewall device (according to the instructions in Section II.3

2. Case when the License Key is not received

If the renewal email does not contain the License Key, it is recommended to:

  • Check the license information again in the Sophos Portal
  • Or contact Sophos Support / Partner to confirm the correct License Key before applying it. 

If you want, I can also help you rewrite this translation to sound more natural for a blog post in English (keeping the meaning but making it read like native technical documentation).

translate this post to english exactly: https://vacif.com/en/moi-nhat-2026-sophos-firewall-huong-dan-theo-doi-xuat-report-tu-sophos-firewall-v22/

Here is the exact English translation of the post from:
https://vacif.com/moi-nhat-2026-sophos-firewall-huong-dan-theo-doi-xuat-report-tu-sophos-firewall-v22/ (translated literally line‑by‑line where appropriate):

[Latest 2026] Sophos Firewall: Guide to Monitoring & Exporting Reports From Sophos Firewall V22

Table of Contents

  • I – Overview of monitoring and exporting reports from Sophos Firewall V22
  • II – Details on monitoring and exporting reports from Sophos Firewall V22
      1. Introduction to Report & Log features of Sophos Firewall
    • 1.1 – Dashboards
    • 1.2 – Application & Webs
    • 1.3 – Networks & Threat
    • 1.4 – VPN
    • 1.5 – Email
    • 1.6 – Compliance
    • 1.7 – Custom
    • 1.8 – Log Viewer
      1. How to export a Report on Sophos Firewall

I – Overview of Monitoring and Exporting Reports From Sophos Firewall V22

This article aims to:

  • Guide how to view and filter logs on Sophos Firewall.
  • Guide reading and exporting reports for operation and reporting.
  • Help administrators quickly detect issues and security threats.

Through this, help the system be monitored effectively and operate more securely. 

II – Details on Monitoring and Exporting Reports From Sophos Firewall V22

1. Introduction to Report & Log Features of Sophos Firewall

1.1 – Dashboards

View information about network traffic passing through the firewall and security threats. The main dashboard types include:

  • Traffic dashboard: classification by network traffic
  • Security dashboard: blocked activities and threats: malware, IPS, spam, attack sources
  • Executive report: summary information for managers: highlighted traffic & threats
  • User threat quotient (UTQ): ranks users based on security risk score 

1.2 – Application & Webs

View information about application and Internet usage on your network.

Types of monitoring in this section include:

  • User app risks & usage
  • Cloud applications usage
  • Blocked user apps
  • Synchronized applications
  • Web risks & usage
  • Blocked web attempts
  • Search engine statistics
  • Web content details
  • Web server usage
  • Web server protection 

1.3 – Networks & Threat

View information about network usage and related threats, including:

  • Intrusion attacks
  • Active threat response (Threat events detected by MDR and Sophos X‑Ops)
  • Wireless usage
  • Security Heartbeat status
  • Zero‑day protection details 

1.4 – VPN

View information about remote users connecting to your network through IPsec VPN, SSL VPN, and Clientless Access. 

1.5 – Email

View information about email traffic and protection against viruses/spam in the system. 

1.6 – Compliance

View information about compliance reports for standards such as HIPAA, GLBA, SOX, FISMA, PCI, NERC CIP v3, CIPA, and Event levels. 

1.7 – Custom

Create reports based on specified criteria, including:

  • Web Report: search web activity or virus logs
  • Mail Report: search email, spam and virus activity
  • FTP Report: search FTP activity
  • User Report: statistics on high‑risk application usage and website access
  • Web Server Report: search web server activity (time, user, URI) and protection events 

1.8 – Log Viewer

The Log Viewer displays event logs and updates automatically in real‑time. Administrators can select specific log types to monitor (such as Admin, Firewall, IPS, Malware, VPN, Web filter, etc.). 

2. How to Export Reports on Sophos Firewall

During system administration, administrators need comprehensive report files reflecting system usage and key threats. Therefore, in this guide the Executive Report is selected to perform report exporting.

To export a scheduled report:

  • Select Show Reports Settings
  • Choose Report Scheduling, then click Add
  • Enter the following information:
    • Name: Name of the report schedule
    • Description: (optional)
    • To email address: email address that receives the report (can enter multiple emails)
    • Report type: Choose type (e.g., Report group)
    • Report group: Choose suitable report group (e.g., Executive Report)
    • Email frequency: Choose Daily or Weekly and the time to send the report via email
  • After entering complete information, click Save

When the schedule runs as configured, Sophos will email the report file to the specified email address according to the schedule. 

If you want this translation formatted more naturally for an English technical article or documentation, feel free to ask!

translate this entire post to english exactly: https://vacif.com/en/moi-nhat-2026-sophos-firewall-huong-dan-theo-doi-xuat-report-tu-sophos-firewall-v22/

Below is the direct English translation of the article from
VACIF:
“[Mới nhất 2026] Sophos Firewall: Hướng Dẫn Theo Dõi & Xuất Report Từ Sophos Firewall V22”.
The structure and wording are kept as close as possible to the original text

[Latest 2026] Sophos Firewall: Guide to Monitoring & Exporting Reports from Sophos Firewall V22

Table of Contents

  • I – Overview of monitoring and exporting reports from Sophos Firewall V22
  • II – Details of monitoring and exporting reports from Sophos Firewall V22

I – Overview of Monitoring and Exporting Reports from Sophos Firewall V22

This article aims to:

  • Guide how to view and filter logs on Sophos Firewall.
  • Guide how to read and export reports for operation and reporting purposes.
  • Help administrators quickly detect incidents and security threats.

Through this, the system can be monitored effectively and operated more securely

II – Details of Monitoring and Exporting Reports from Sophos Firewall V22

1 – Introduction to the Report & Log features of Sophos Firewall

1.1 – Dashboards

The dashboard allows administrators to quickly monitor network traffic and security threats occurring on the system.

Some common dashboards include:

  • Traffic dashboard – classifies traffic passing through the firewall.
  • Security dashboard – statistics on blocked activities and threats such as malware, IPS attacks, spam, and attack sources.
  • Executive report – summary reports for management including highlighted traffic and threats.
  • User Threat Quotient (UTQ) – evaluates user risk scores based on their activities on the network.

1.2 – Applications & Webs

This section provides information about application usage and web access activities within the network.

Monitoring items include:

  • User app risks & usage
  • Cloud app risks & usage
  • Blocked user apps
  • Synchronized apps
  • Web risks & usage
  • Blocked web attempts
  • Search engine statistics
  • Web content details
  • Web server usage
  • Web server protection

1.3 – Networks & Threat

Displays information related to network usage and security threats, including:

  • Intrusion attacks
  • Active Threat Response (threat events detected by MDR and Sophos X-Ops)
  • Wireless usage
  • Security Heartbeat status
  • Zero-day protection details

1.4 – VPN

Displays information about remote users connecting to the network through VPN, including:

  • IPsec VPN
  • SSL VPN
  • Clientless Access

1.5 – Email

Provides information about email traffic and spam/virus protection within the system.

1.6 – Compliance

Displays compliance reports related to standards such as:

  • HIPAA
  • GLBA
  • SOX
  • FISMA
  • PCI
  • NERC CIP v3
  • CIPA
  • Event levels

1.7 – Custom

Administrators can create custom reports based on specific criteria, including:

  • Web Report – search web activity or virus logs
  • Mail Report – search email activity, spam, and viruses
  • FTP Report – search FTP activity
  • User Report – statistics of high-risk application usage and website access
  • Web Server Report – search web server activity (time, user, URI) and protection events

1.8 – Log Viewer

The Log Viewer displays system event logs and automatically updates in real time.

Administrators can select specific log types to monitor, such as:

  • Admin
  • Firewall
  • IPS
  • Malware
  • VPN
  • Web filter
  • And other log categories.

2 – How to Export Reports on Sophos Firewall

During system administration, administrators often need report files summarizing system usage and security threats.

Therefore, in this guide the Executive Report is used as an example to export reports.

To export a scheduled report:

  1. Select Show Report Settings.
  2. Choose Report Scheduling, then click Add.
  3. Enter the following information:
  • Name – name of the report schedule
  • Description – optional description
  • To email address – email address receiving the report (multiple emails can be entered)
  • Report type – select the report type (for example: Report group)
  • Report group – choose the appropriate report group (for example: Executive Report)
  • Email frequency – choose Daily or Weekly and the time to send the report via email
  1. After completing the information, click Save.

Once the schedule runs according to the configuration, Sophos will automatically send the report file to the configured email address

If you want, I can also help you:

  • Rewrite this into natural English technical documentation, or
  • Convert it into a polished blog article for international readers.

translate this to english accurately:Application risk meter là cách thức mà Firewall sẽ tính điểm dựa trên mức độ rủi ro và số lần truy cập (hits) của từng ứng dụng. Chỉ số rủi ro ứng dụng được xác định dựa trên điểm trung bình của toàn bộ lưu lượng ứng dụng

Translation (accurate):

Application Risk Meter is the method by which the Firewall calculates a score based on the risk level and the number of accesses (hits) of each application.
The application risk index is determined based on the average score of all application traffic.

translate this article sentence by sentence accurately without leaving out details, follow their structure and style: https://vacif.com/moi-nhat-2026-sophos-firewall-huong-dan-theo-doi-xuat-report-tu-sophos-firewall-v22/

Below is the accurate sentence-by-sentence English translation following the original structure and style of the article
from VACIF:
VACIF – “[Mới nhất 2026] Sophos Firewall: Hướng Dẫn Theo Dõi & Xuất Report Từ Sophos Firewall V22”

[Latest 2026] Sophos Firewall: Guide to Monitoring & Exporting Reports from Sophos Firewall V22

Table of Contents

  • I – Overview of monitoring and exporting reports from Sophos Firewall V22
  • II – Details of monitoring and exporting reports from Sophos Firewall V22

I – Overview of monitoring and exporting reports from Sophos Firewall V22

This article aims to:

  • Guide how to view and filter logs on Sophos Firewall.
  • Guide how to read and export reports for operational and reporting purposes.
  • Help administrators quickly detect incidents and security threats.

Through that, the system can be monitored effectively and operate more securely

II – Details of monitoring and exporting reports from Sophos Firewall V22

1 – Introduction to the Report & Log features of Sophos Firewall

1.1 – Dashboards

Dashboards allow administrators to view information about network traffic passing through the firewall and security threats.

Some main dashboard types include:

  • Traffic dashboard: classifies traffic based on network traffic.
  • Security dashboard: statistics of blocked activities and threats such as malware, IPS attacks, spam, and attack sources.
  • Executive report: summary information for management, including highlighted traffic and threats.
  • User Threat Quotient (UTQ): ranks users based on their security risk score.

1.2 – Application & Webs

Displays information about application usage and Internet activity within the network.

Monitoring items in this section include:

  • User app risks & usage
  • Cloud app risks & usage
  • Blocked user apps
  • Synchronized apps
  • Web risks & usage
  • Blocked web attempts
  • Search engine statistics
  • Web content details
  • Web server usage
  • Web server protection

1.3 – Networks & Threat

Displays information about network usage and related threats, including:

  • Intrusion attacks
  • Active threat response (threat events detected by MDR and Sophos X-Ops)
  • Wireless usage
  • Security Heartbeat status
  • Zero-day protection details

1.4 – VPN

Displays information about remote users connecting to the network via VPN, including:

  • IPsec VPN
  • SSL VPN
  • Clientless access

1.5 – Email

Displays information about email traffic and virus/spam protection in the system.

1.6 – Compliance

Displays compliance reports related to standards such as:

  • HIPAA
  • GLBA
  • SOX
  • FISMA
  • PCI
  • NERC CIP v3
  • CIPA
  • Event levels

1.7 – Custom

Allows administrators to create reports based on specific criteria, including:

  • Web Report: search web activity or virus logs
  • Mail Report: search email, spam, and virus activity
  • FTP Report: search FTP activity
  • User Report: statistics of high-risk application usage and website access
  • Web Server Report: search web server activity (time, user, URI) and protection events

1.8 – Log Viewer

The Log Viewer displays system event logs and automatically updates in real time.

Administrators can choose specific log types to monitor, such as:

  • Admin
  • Firewall
  • IPS
  • Malware
  • VPN
  • Web filter
  • and other log types.

2 – How to export reports on Sophos Firewall

During system administration, administrators often need report files summarizing system usage and important threats.

Therefore, in this guide the Executive Report is selected to perform report exporting.

To export a scheduled report:

  1. Select Show Report Settings.
  2. Choose Report Scheduling, then click Add.
  3. Enter the following information:
  • Name: name of the report schedule
  • Description: optional description
  • To email address: email address receiving the report (multiple emails can be entered)
  • Report type: select the type (for example: Report group)
  • Report group: choose the appropriate report group (for example: Executive Report)
  • Email frequency: choose Daily or Weekly and the time to send the report via email
  1. After completing the information, click Save.

When the schedule runs according to the configuration, Sophos will automatically send the report file to the specified email address according to the schedule

Tags: , , , ,