Sophos UTM: Decommissioning of obsolete URL categorization services CFFS.Click here for important info.

Sophos Firewall: Enable separate (3rd) input box for SSLVPN MFA instead of Password+OTP.

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


This Recommended Read describes how to configure Sophos Connect Client login using SSL VPN MFA instead of the normal setup of Password + OTP. 

Sophos Connect Provisioning file

Currently, it's possible to enable separate input for MFA/OTP in the case of SSLVPN using Sophos connect client and Sophos Connect provisioning file (pro).

Below is the configuration:


Sample .pro file:



        "gateway": "<Enter your gateway hostname or IP address>",

        "user_portal_port": 443,

        "otp": true,

        "2fa": 1,

        "can_save_credentials": true



Step1: Sophos Connect Client 1st Login

You’ll be asked for a Username/Password/ OTP (3rd separate input box). Click the checkbox for saving username/password. 


Step2: Logging next time in Sophos Connect Client

As username and password are saved, it’ll prompt only for OTP.



Updated link to v19.5 documentation
[edited by: Erick Jan at 1:20 PM (GMT -7) on 13 Sep 2023]