XG Login with Captcha

I have just connected to an XG Firewall and as well as the user name and password and underneath is a captcha image with a box to type in response.

Haven't seen anything about that?

  • Hi

    As an additional security measure, a captcha has been added to the XG Firewall admin and user portal on the WAN zone, for devices running SFOS v17.5 and later.

    For more information, please refer to the article - https://community.sophos.com/kb/en-us/135412

  • In reply to Keyur:

    Saw the original article and acted within 30 minutes of SMS message, but had not subsequently seen this information.


    My own XG is not providing the captcha addition right now. Perhaps it's being rolled out slowly.

  • In reply to Paul Digby:

    Having said that, my own Firewall was not affected.

    Hopefully, the captcha is being rolled out to all and not just the affected systems?

  • In reply to Paul Digby:

    [Updated - 5/7/2020 @ 4:50pm PDT]

    Hi All,

    Sophos added Captcha authentication to the admin and user portals on the WAN and VPN zones. This change only applies to XG Firewall v17.x and v18.x, except for XG85/XG85w devices. Any Cyberoam device that has upgraded to the XG Firewall firmware will not implement Captcha.

    This was implemented as an extra security defense against attackers attempting to script automated login attempts before customers had the opportunity to perform password resets; it’s also regarded as a best practice. The use of Captcha is currently not a policy-controlled option. Admins will see Captcha even if multi-factor authentication is enabled.

  • This is a good way to scare all admins: making this modification without any forward notice. At first it seemed to me XG was hacked again. And more: I see this captcha on an internal IP when logging in using VPN. Admin and user portals are not open to the internet, only to internal LAN and VPN. Is this correct?

  • In reply to FloSupport:

    FloSupport

    Sophos added Captcha authentication to the admin and user portals when they are exposed on the WAN interface.  

    As already mentioned by other users: this seems not to be the only criterion for adding Captcha authentication. I also get this on firewalls where neither admin nor user portal is exposed on WAN interfaces. So there must be some more reasons.


    FloSupport

    This change only applies to XG Firewall v17.x and v18.x

    Generally or only on firewalls on which data exfiltration has been performed?

  • In reply to lmo@ACH:

    I for one, would be happy to see the captcha permanently regardless of exposure on WAN

    Just an extra step for security and ‘peace of mind’

  • In reply to Paul Digby:

    I won't disagree with you, another security step is a good measure....
    But, this wouldn't be done without advanced information.

    Regarding the Captcha JC Sophos, you've got an Android App and an iOS App for your Authenticator.
    I use it to access Sophos Central; is it too much to ask to do the same thing?

  • In reply to lmo@ACH:

    Hi there,

    See my updated post above that includes additional details.

    Note: The KBA has also been updated to include this info.

  • In reply to David Veselka:

    I agree. Forcing one of many methods (as 'the' method) is not what I like to see in a provider. I'll make the choices, thank you.

  • In reply to FloSupport:

    On one of my Firewalls the captcha did not appear. I entered the command manually and rebooted the firewall.

    But still NO captcha.

    Paul Jr

  • In reply to Big_Buck:

    Ok. Let's resume.

    On firewall 1/3. Captcha enabled by latest update and working.

    On firewall 2/3. Captcha manually enabled via CLI since the update did not enable it; fails to work.

    On firewall 3/3. Captcha enabled by latest update but fails to work.

    This is as inconsistent as it could be.

    Paul Jr

  • In reply to Big_Buck:

    Checked this morning. Still the same inconsistent result.

    Paul Jr

  • Still the same.

    On firewall 1/3. Captcha enabled by latest update and working.

    On firewall 2/3. Captcha manually enabled via CLI since the update did not enable it; works randomly.

    On firewall 3/3. Captcha enabled by latest update but fails to work.

    This is as inconsistent as it could be.

    And still no logical answer from Sophos.

    Paul Jr