Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
On 10 March 2020, Microsoft recommended to move to LDAP channel binding and LDAP signing to avoid replay attacks on the LDAP communication.
After the hardening changes are done, Simple Authentication and Security Layer (SASL) LDAP binds that do not request signing (integrity verification) will be rejected by Active Directory domain controllers. Sophos XG supports LDAP authentication over SSL/TLS to avoid man-in-the-middle attacks. This knowledge base article contains the necessary changes to the configuration. The following sections are covered:
Applies to the following Sophos products and versions Sophos XG
To change the connection security for specific Authentication Servers, perform the following steps:
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.