SSL VPN Radius with 2factor timout

Hi All,

The feature is pending and unfortunately, v16 will not see the feature. We have a buffer full of feature requests and the developers will consider these requests on the account of Votes it receives. Please cast your votes and raise a support case to push the development team to prioritize it. I'll start a group conversation for this request and try to prioritize it.

Thanks

Hi All,

The feature is pending and unfortunately, v16 will not see the feature. We have a buffer full of feature requests and the developers will consider these requests on the account of Votes it receives. Please cast your votes and raise a support case to push the development team to prioritize it. I'll start a group conversation for this request and try to prioritize it.

Thanks

I hope that's not the only metric you're using to roll requests into future firmware updates. This seems like a critical bug, not a feature request. How do you get them reclassified? People can't even login because there's no way to set the timer and your partners are losing business because of it. Relying on votes for this seems counter intuitive.

Can you point us to where to vote on this? I agree that this shouldn't even be in the "feature request" status. This is a fairly critical issue for many companies. For us it has prevented us from fully implementing the UTM's we purchased over a year ago. We have to "protect" them behind ASA's that can handle 2FA for things like VPN access. If we'd have known that something as basic as 2FA had not yet been fully implemented in the platform we likely would have chosen a different product. 2FA has become a standard, and it's not something that happened recently. OTP's are old school and not something that organizations want to force on their users if everything else in their environment can be logged into without the hassle.

Just as a note, the only reason we've kept these around this long is because we keep being told that this basic functionality is coming out "any day now"

I see here that it has been added in 9.5 but for some reason has not been done in the XG platform. https://community.sophos.com/kb/en-us/127334

Any word regarding whether the latest V17 release corrects this issue (2FA timeout)?  It doesn't appear to be listed specifically in the release notes, but still hopeful . . .

Thanks

Where can we cast votes for this feature and get it moved up?  What is the escalation procedure?  This is a SOC 2 requirement for client VPN services and we cannot use the product.

Thank you.

I second this.  Is there no workaround??   This was supposed to be a good replacement for Microsoft TMG, but won't even work well with Microsoft MFA due to timeouts issue.

So I'm in the process of selling yet another firewall and I see Sophos still hasn't fixed this in the latest firmware (SFOS 17.0.2 MR-2), so it won't be a Sophos unit this time either.

Can you please provide us with additional information regarding this?  

Yeah, more and more "features" being released but I have yet to see this (which can be done at the code level on the VPN engine being used - btw). Additionally, still haven't really resolved all of their basic IKEv2 issues.

Can we get a definitive answer on using a 3rd party MFA/2FA solution with the Sophos XG?

Is the XG capable of integrating a 3rd party MFA (such as SecurEnvoy, Swivel, Duo, Vasco...) for SSL-VPN clients?