Hello,
We need to use both SSL authentication with RADIUS/MFA for admins and no MFA for normal users.
The SSL authentication servers are RADIUS and AD.
When I (admin user) connect to OpenVPN, I need to use MFA, but if I wait without validating MFA, I will be connected because RADIUS and AD are both in the SSL VPN selected authentication servers.
What can I do to solve my problem?
Thank you
Hello Louis D,
Thank you for reaching out to the community. You can use the option "Specific users and groups" under MFA and add the admin users for MFA:
Refer to the RR - Profile Management for Device Access in Sophos Firewall
And another RR - How to configure Multi-factor authentication and understanding the OTP timestep settings
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
The MFA is not managed by Sophos Firewall, but by an MS RADIUS server with NPS (Azure AD extension). I will modify my first post.
Hey Louis D, the following RR can help - Sophos Firewall: Using Azure MFA for SSL VPN and User portal
Hello, I already used this tutorial to configure MFA with MS RADIUS/Azure AD and the Sophos SSL VPN.
Let me show you.
For the VPN firewall rules, I have 2 AD groups (RADIUS with MFA and AD without MFA). My account is in the MFA group and not in the AD group.
When I log in to the VPN client, Sophos Firewall tries to validate first locally, then RADIUS, gets no answer (timeout) from RADIUS because I don't validate the MFA, then tries the AD servers, and validates the authentication.
I need both RADIUS and AD authentication servers, admins with MFA and users without.
The situation is a little bit different from the tutorial.
Thanks.
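
A check for the fall-through described in this thread, as an added example that is not part of any post and is not Sophos code: it scans authentication attempts and flags sessions where a user who should be held to MFA was accepted by a server other than RADIUS. The event fields, user names and group sets are constructed for illustration and do not follow a real Sophos log format.

```python
from collections import defaultdict

# Constructed sample events (not a real Sophos log format): one record per
# authentication attempt, in the order the firewall tried the servers.
SAMPLE_EVENTS = [
    {"session": 1, "user": "admin1", "server": "local",  "result": "reject"},
    {"session": 1, "user": "admin1", "server": "radius", "result": "timeout"},
    {"session": 1, "user": "admin1", "server": "ad",     "result": "success"},
    {"session": 2, "user": "admin1", "server": "local",  "result": "reject"},
    {"session": 2, "user": "admin1", "server": "radius", "result": "success"},
    {"session": 3, "user": "user7",  "server": "local",  "result": "reject"},
    {"session": 3, "user": "user7",  "server": "radius", "result": "reject"},
    {"session": 3, "user": "user7",  "server": "ad",     "result": "success"},
]

MFA_USERS = {"admin1"}    # hypothetical: members of the MFA (RADIUS) group
MFA_SERVERS = {"radius"}  # hypothetical: servers that enforce the MFA prompt


def find_mfa_fallthrough(events, mfa_users, mfa_servers):
    """Return sessions where an MFA-required user was accepted by a non-MFA server."""
    sessions = defaultdict(list)
    for ev in events:
        sessions[ev["session"]].append(ev)

    findings = []
    for sid, attempts in sorted(sessions.items()):
        user = attempts[0]["user"]
        if user not in mfa_users:
            continue  # users without an MFA requirement may legitimately use AD
        accepted = [a for a in attempts if a["result"] == "success"]
        if not accepted or accepted[0]["server"] in mfa_servers:
            continue  # login failed, or the MFA server itself accepted it
        # MFA servers that were tried but never answered before the fall-through
        timed_out = [a["server"] for a in attempts
                     if a["server"] in mfa_servers and a["result"] == "timeout"]
        findings.append({"session": sid, "user": user,
                         "accepted_by": accepted[0]["server"],
                         "mfa_timeouts": timed_out})
    return findings


if __name__ == "__main__":
    for finding in find_mfa_fallthrough(SAMPLE_EVENTS, MFA_USERS, MFA_SERVERS):
        print(finding)
```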