SSL VPN Radius with 2factor timout

In Sophos XG, is there any way to increase the timeout for radius servers?

I'm having problems using SSL VPN authentication with radius when using 2-factor. If I bypass 2factor, I'm logging in fine.

If I enable 2factor, it seems to timeout and I get a second credential prompt before I get to accept the first request, rendering my first request invalid.

I've seen this question before and the answer was that the timout is hard coded. However that was a old thread:

Maybe things have changed?

  • Hi All,

    The feature is pending and unfortunately, v16 will not see the feature. We have a buffer full of feature requests and the developers will consider these requests on the account of Votes it receives. Please cast your votes and raise a support case to push the development team to prioritize it. I'll start a group conversation for this request and try to prioritize it.


  • In reply to sachingurung:

    I hope that's not the only metric you're using to roll requests into future firmware updates. This seems like a critical bug, not a feature request. How do you get them reclassified? People can't even login because there's no way to set the timer and your partners are losing business because of it. Relying on votes for this seems counter intuitive.

  • In reply to sachingurung:

    Can you point us to where to vote on this? I agree that this shouldn't even be in the "feature request" status. This is a fairly critical issue for many companies. For us it has prevented us from fully implementing the UTM's we purchased over a year ago. We have to "protect" them behind ASA's that can handle 2FA for things like VPN access. If we'd have known that something as basic as 2FA had not yet been fully implemented in the platform we likely would have chosen a different product. 2FA has become a standard, and it's not something that happened recently. OTP's are old school and not something that organizations want to force on their users if everything else in their environment can be logged into without the hassle.


    Just as a note, the only reason we've kept these around this long is because we keep being told that this basic functionality is coming out "any day now"


    I see here that it has been added in 9.5 but for some reason has not been done in the XG platform.

  • In reply to sachingurung:

    Any word regarding whether the latest V17 release corrects this issue (2FA timeout)?  It doesn't appear to be listed specifically in the release notes, but still hopeful . . .



  • In reply to sachingurung:

    Where can we cast votes for this feature and get it moved up?  What is the escalation procedure?  This is a SOC 2 requirement for client VPN services and we cannot use the product.

    Thank you.

  • In reply to GuidoGarcia:

    I second this.  Is there no workaround??   This was supposed to be a good replacement for Microsoft TMG, but won't even work well with Microsoft MFA due to timeouts issue.

  • In reply to sachingurung:

    So I'm in the process of selling yet another firewall and I see Sophos still hasn't fixed this in the latest firmware (SFOS 17.0.2 MR-2), so it won't be a Sophos unit this time either.