Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 3870 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

is it possible to combine SFOS WAF with the built in OTP / MFA function

LHerzog

I found some old posts (>2y ago) about the XG WAF module not supporting MFA authentication for a webservice.

Has this changed since? We want to use MFA before using on-prem Exchange OWA.

Many internal users already have an Sophos MFA token and it would be nice to use that second factor also for WAF services.



This thread was automatically locked due to age.
Parents
  • 0

    Interesting that you bring this up; just had a customer ask us about this, and after talking with our channel SE, it appears this is not a current feature in SFOS.  Apparently there is mention of it in the dev plan, but no ETA.

    Of course they suggested ZTNA -- which for 90% of my customers, including this one, is not a fit as they still do not support on-prem AD.  If you have Azure AD, this may be an option for you.

    That, or you can use a 3rd party RADIUS-based solution, etc. to control MFA in conjunction with WAF.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0

    Interesting that you bring this up; just had a customer ask us about this, and after talking with our channel SE, it appears this is not a current feature in SFOS.  Apparently there is mention of it in the dev plan, but no ETA.

    Of course they suggested ZTNA -- which for 90% of my customers, including this one, is not a fit as they still do not support on-prem AD.  If you have Azure AD, this may be an option for you.

    That, or you can use a 3rd party RADIUS-based solution, etc. to control MFA in conjunction with WAF.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
Unfiltered HTML