Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
We'd love to hear about it! Click here to go to the product suggestion community
We have XG135 in test in a cloud-only environment, that is no AD. We have a test radius server working and have set that to authenticate wifi successfully however the user who authenticates is not appearing in the Live Users activities screen.
I can of course use the appropriate agent, here we use iOS or the captive portal, to identify the user but can we use that wifi radius authentication to then identify the user and track web usage?
Yes, you may use the authentication but you may need to configure Radius server on XG.
Sophos XG Firewall synchronizes groups with the RADIUS Server every time the user tries to log in. If a user's group is changed on the next login attempt, the user will be logged in as a member of the same group. This feature keeps the RADIUS Server updated and removes the need for manual updates every time the group is changed.
The local database is selected by default. Make sure that the RADIUS server is selected and is the first server in the Selected Authentication Server list.
If there are multiple servers, the authentication request will be forwarded according to the order configured in the Selected Authentication Server list.
Taken from KB article https://community.sophos.com/kb/en-us/123164
In reply to Aditya Patel:
Thanks for your reply but unfortunately this isn't quite what I meant.
I'm using the radius server happily to authenticate user portal, capture and firewall via auth agents.
What I wanted was the fact that a user is authenticating to the SSID using his radius credentials. Why does he further have to authenticate with one of the above? Can the system not pick that up ?
In reply to Mark Spencer-Smith1:
I have a similar question. We have RADIUS servers authenticating users on Wi-Fi, and they are showing up properly on the firewall. But the problem for us is when they disappear off the Wi-Fi, they don't disappear off the firewall. The RADIUS authentication is happening on our Wi-Fi APs. I've been told by Sophos Support that it's not possible to track and reconcile users based on this. They've recommended buying Sophos APs. I'm not entirely sure that's the right answer, but it's the one that Sophos Support has given me for now. I'm continuing to investigate this.
In reply to Robert Park:
I know this is an old thead. But i am seeing behavior similar. Radius sso authentication is working and users are showing up as live users. But if the wireless client leaves the wifi still seeing the user in the firewall. Did you find an answer to this?
In reply to Jim Boothe1:
Someone from our vendor support finally suggested something, though I can't recall the details. I think it did fix the problem, though I did not do thorough testing to be sure, only cursory glances. Before, I believe our RADIUS accounting was going through our firewall directly, whereas now it is going through our RADIUS servers? Ah, I probably have it wrong. I know that we were pointing something RADIUS in our AP settings at the firewall directly before, and now we're pointing them at our RADIUS servers instead. Sorry, know that's not probably not good enough for you. For some reason, I think it was the accounting? https://xkcd.com/979/
I think this is the article where they started getting inspiration. https://community.sophos.com/kb/en-us/131580 It was such a long time ago, sorry. One day, we'll get good at this documentation thing, I swear! :)