Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Users only able to login to portal if ID/member is manually added

    I have setup AD authentication on Sophos XG. Tested the connection and it is successful. However users can only login if I add them into Identity/Policy Members. Shouldn't they be able to authenticate using AD credentials
  • Active Directory Group. Only One Group. Problem when User is in a Sub-Group

    I added the Active-Directory integration. That Works fine. But when I add Groups, A User can only be a member of one single group. Not Two Groups like VPN, Exchange. And when A User Ist Member of Group 1 and this Group 1 is Member of Group 2, and…
  • VPN and SSO authentication

    Hello I'm connecting a remote branch office to the main office via VPN (PPTP) connection. In the main office there is a XG Firewall, in the branch office a mikrotik router. I need to authenticate my remote users by using a Domain Controller located…
  • STAS Suite Communication between DC's and Opening Ports questions... PLEASE HELP!

    Reaching out to kind, wonderful, HELPFUL community! (Buttering you guys up) :-) IN all seriousness... I am hoping ANYONE can help me out answering a few (Possibly dumb) questions that I seem to not be able to get answers for. (been waiting over a week…
  • Many Errors Event ID 10028

    Hi, my problem is in the DC Server the event log show in tha last hour 10210 log of event id 10028, for me it's too many. Please, help me, how can i resolve this or what trigger this. Thanks
  • Sophos XG: Active Directory Integration Fails "due to incorrect credentials"

    I have trying to integrate sophos with the local Active Directory. The AD and the Sophos XG are both in the same subnet. However when I click test connection, I get "test connection failed due to invalid credentials". I surely am missing something…
  • AD authenticated users user prompted to authenticate again when opening new session

    Hello I Have a Sophos XG210 firewall with 16.05.1 MR-1 firmware, i have configured AD Server for uses authentification, and activated NTLM in device access on LAN , but when user open new windows session it's prompted do longin again when openning…
  • NTLM Authentication Problem

    Hi all, We have CR100ING at a customer site (with sophos fw:16.05.0.GA). We are experincing problem. Active Directory sync is working without a problem on Ethernet. Users can go online with SSO authentication. When same user disconnects from Ethernet…
  • Communication between DC's with STAS for SSO... NEED HELP!

    WARNING... Amature looking for guidance. :-) Environment: Standard network Windows Network 2 Active Directory Domain Controllers (for redundancy: BOTH Server 2008 R2) DC 1: 10.130.210.40 (FSMO Roles: PDC, RID pool master, Infrastructure master…
  • Clientless SSO STAS logoff detection vs dead entry timeout clarification needed

    Please bear with me, I am a 1-man IT band, and am NOT a "Firewall" guy. :-) Background: Simple Network: 2 Active Directory Domain controller Servers (for redundancy) w/ STAS Suite loaded on BOTH controllers. 1 XG Sophos Firewall XG 230 …
  • Problema using STAC - Web filter

    Good morning, Since implementation we, are having problem with the active directory users that use thin clients. They can log properly, but can not use the appropriate web filter policies when they browse internet. This make that users have access…
  • Authentication and AD group issues in XG-210 Firewall

    Friends, I am having a XG-210 UTM appliance and we now have two issues. 1. AD groups are not automatically updating in the firewall. I have imported the AD groups to firewall and the groups sync well also. We are noticing that the user's group memberships…
  • [SOLVED] Web GUI administration login with AD credentials

    I have setup the STAS suite on my domain controller, and the firewall detects all the clients on my network as intended. my domain administrator account is added as a firewall administrator, so i can login to the administration page with my AD account…
  • XG firewall unable to get to the AD user

    I want to domain user use vpn . I configured to complete STAS, but firewall can not get to the domain user.
  • Is it possible to set up the firewall to allow the user to change passwords using user portal

    Our authentication server is RADIUS server powered by windows 2012;my Question is can i change the password using my user portal ->change password menu; Presently "contact system Administrator" error message came in the user portal password change page…
  • STAS: What AD role is required, exactly?

    Only Administrators? Or it is a okay that View-only Organization Management? Thanks!
  • XG Portal Access and Active Directory Integration- Authenticated Users Only Access?

    Good Afternoon everyone, Been working with the new XG's over the past couple of months and have an (what I hope is an easy/minor) issue with Portal and VPN access w/AD integration. Wondering if I could get a little additional help. Scenario: Basic…
  • STAS problem with user authentication on XG v16

    Hi, I mount a VirtualLab with VM's with XG v16 on my workstation 3 VM's UTM, Windows 7 Pro 64bit and Windows Server 2008 R2 64bit... XG v16 with two interfaces LAN VMnet5 172.16.16.16 WAN VMnet2 (NAT) DHCP Windows 7 Workstatin LAN VMnet5 gets…
  • AD users can't login to user portal.

    I have imported my groups from the AD in my XG environment, but when I try to login I just get login errors. When I look at the logs it seems like XG can't get the information from the AD. At the moment I dont know what the issue might be. The last…
  • Special Characters sAMAccountName - AD Readiness Tool

    Hi All, There's been an issue identified where as if a user has special character in their sAMAccountName, STAS and the XG Firewall will fail the authentication because a user object can't be created because of the special character. I don't consider…
  • STAS not authenticating to XG

    Hello all, First off great product... Problem my SSO is not working with STAS, even with all tests working and XG authentication server added and all ports open "5566,6060,6677" inbound outbound Live user list does populate and shows all AD users…
  • Authenticate Using UserPrincipalName?

    Hi, we're using Sophos XG (now updated to 16) to publish Outlook Web Application, is it possible to authenticate our AD users using their UserPrincipalName (which matches their email address)? At the moment the username is their sAMAccountName. On…
  • UTM SG450 seems to lose Internet connection with users

    We have the SG450 migrated to XG Firewall software, users began randomly to lose internet connection and have different error messages. Like those I'm attach here. Is it possible to tell me how to solve this big problem, because it is really frustrating…
  • RE: PPTP/L2TP radius Authentication failing

    I have the excact same problem on XG310 SFOS16beta4. Did you ever find a solution to this? SSL VPN is working fine, and authenticating users against our AD. L2TP is working fine from Windows 7 built in VPN client with a local user on the XG. L2TP…
  • STAS in bridge mode

    Hello everybody, I configured a Sophos XG210 in bridge mode. Right now, I’m trying to configure the Single Sign On using STAS. I’m quite familiar with STAS implementation with over 10 clients configured successfully, but this installation is the first…