XG Login with Captcha

I have just connected to an XG Firewall and as well as the user name and password and underneath is a captcha image with a box to type in response.

Haven't seen anything about that?

  • In reply to Big_Buck:

    No logical answer from Sophos yet ...

    Paul Jr

  • I didn't mind the addition of the captcha, although it doesn't always seem to work right. Now I've updated from 17.5.11 to 17.5.12 and it's vanished. They say it's supposed to be on WAN and not LAN, and while it was showing up on both in .11, now it's not showing up at all after the .12 update. Additionally, why don't we get an option as to turning it on or off? Very frustrating. Similar to why MFA requires you type the code after your password, and isn't a separate box, pop-up, or something.

  • In reply to NathanKodak:

    NathanKodak

    I didn't mind the addition of the captcha, although it doesn't always seem to work right. Now I've updated from 17.5.11 to 17.5.12 and it's vanished. They say it's supposed to be on WAN and not LAN, and while it was showing up on both in .11, now it's not showing up at all after the .12 update. Additionally, why don't we get an option as to turning it on or off? Very frustrating. Similar to why MFA requires you type the code after your password, and isn't a separate box, pop-up, or something.

     

     

    And of course, now it's back, on both LAN and WAN. There's some issues with this implementation I think.

  • In reply to NathanKodak:

    Hello

    There's a CLI command to control it.  But it simply does not work.

    Paul Jr

  • In reply to NathanKodak:

    Hi Nathan,

    Could you please raise a support case and then share your case number with me for further investigation into the Captcha issue you are having?

    Thanks,

  • In reply to NathanKodak:

    This should also be an option to turn on, best practice or not, for users or admins.  Every time I think about trying XG again, I'm just being given more reasons not to, and stick to UTM.  If captcha goes to UTM, I'm uninstalling it.  There are ways around captcha and while may be a 'best practice', it's certainly not the 'best way to do it' and old tech ways of making someone just feel secure.

  • In reply to Amodin:

    If I understand your point well, like it was mentionned before, these are CLI commands related to captcha

    system captcha_authentication_VPN show
    system captcha_authentication_VPN enable
    system captcha_authentication_VPN disable

    They just don't work however.  Except for the "show" option.

    Regards

    Paul Jr

  • In reply to Big_Buck:

    Two consecutive screenshot:

    So.  No it does not work.

    Paul Jr

  • In reply to Big_Buck:

    Hi  

    Could you please raise a support case and PM me with your case number for further investigation?

    Thanks,

  • In reply to FloSupport:

    Case open.

    Paul Jr

  • In reply to FloSupport:

    Received an answer from support this morning.

    The Captcha added are for the security purpose. You would not be able to remove them as of now. They will be visible if the firewall or user portal is access from WAN.

    Well.  Clearly, the tech there haven't read this post.  None of our Firewall behaves the same, and none is accessed from WAN or User Portal.  And yet, one consistently shows Captcha.  The screen shot aint lying.

    Paul Jr

  • In reply to Big_Buck:

    Hi  

    When the firewall is accessed using its public IP(in your case Port2) address the Captcha will appear and there is no option to disable it as of now on the WAN zone. 

    Captcha authentication serves as an extra security defense against scripted automated login attempts Captcha has been added to the XG Firewall admin and user portals on the WAN and VPN zones.

    Thanks,