  • Radius Test Works but WiFi Won't Authenticate

    Hi, I'm setting up an XGS to authenticate wifi connections with WPA2 Enterprise to FreeRadius and OpenLDAP running on Ubuntu 20.0.4. I know the LDAP part works because my VPN connections work. Test Connection works in Authentication/Radius. So…
  • Authentication with Radius blocked by server 2019 firewall

    Hello, So I performed an in place upgrade on one of our domain controllers from 2012 to 2019, so that I don't have to worry about demoting and promoting blah blah blah. Before I upgraded the second DC I wanted to make sure our users can still authenticate…
  • Sophos XG: Using Azure MFA with an OATH Token Code for SSL VPN and User portal

    Good afternoon. I was able to set up my XG to accept Azure MFA for Portal and SSL VPN access using a Radius server. This seems to work brilliantly for users who use the Microsoft Authenticator app and push (Approve/Deny) notifications. We have a handful…
  • Active Directory Authentication Traffic Coming In Through IPSEC Tunnel Being Dropped as IP SPOOFING

    My topology is as the image above. I have an IPSEC tunnel between the branch office and head office. I have an AD server at the head office site. I want to configure Active Directory authentication on the XG at the branch office using the AD server at…
  • Authentication problems and domain administrator

    Hi all, we have two XGS2300 running in active-passive-mode. Firmware is SFOS 18.5.2 MR-2-Build380. We have AD authentication configured and I have questions regarding the AD. In the Sophos documentation ( docs.sophos.com/.../index.html) there…
  • Sophos XGS Filtering (Unauthenticated vs User Groups / Login Portal)

    I've a setup where we need machines to have a certain amount of access to the web while not authenticated/before login. (for deployments, remote tools, Azure AD login attempts) but we also need for the machine to use the web authentication if they try…
  • AD Server Authentication Drops over IPSEC S2S VPN

    Hi All, Recently one of our clients who have a server setup with a Sophos XG210 at their HQ have opened up a new branch that only has desktops and no servers. Machines are connected to a domain and a few of the users from head office have moved to the…
  • Web filtering not picking up user

    Authentication logs show the user is authenticated correctly. However, when browsing, the web filter doesn't pick up the user, so therefore doesn't apply the right policies. Any ideas where to look?
  • Sophos SMS gateway required response format

    Can anyone share complete details on SMS gateway response format. I had gone through docs. But documentation is not clear. https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/GuestUserSettings…
  • Sophos XG 430 SMS gateway integration for guest registration

    So far I had gone through https://support.sophos.com/support/s/article/KB-000038037?language=en_US https://docs.sophos.com/nsg/sophos-firewallmanager/v17.0.0/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/SMSGWProfileEdit.html Still…
  • KERBEROS before NTLM

    Hello Community, we have users which are allowed to authenticate via KERBEROS only. If this setting in AD is set, the user cannot be authenticated from firewall to AD. If we disable this policy in AD the user will be authenticated. For me it looks like…
  • Cannot remove AD user

    Hi all, I cannot remove an AD user from the users tab. This user has no firewall rule attached, nor is any VPN enabled, and no web policy active. I am on version 18.5.2 csc.log shows this: MESSAGE Mar 01 17:40:19Z [worker:26569]: {"request":{…
  • Is it possible to pull the group information from the LDAP server?

    Hello, My XG firewall is integrated with LDAP and I can log in with the account from LDAP server. I can see all user accounts when they are logged in ('user' tab), but I cannot see their group information that I assigned in LDAP server. Is there…
  • AD Authentication not working

    Hello, the AD authentication for the user portal and all other services is not working. I configured it according to this guide: https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/de-de/webhelp/onlinehelp/nsg/sfos/learningContents/ConfiguringActiveDirectoryAuthentication…
  • How to integrate authentication with Active Directory

    Hello World, Is it possible to configure Sophos XG to authenticate users for internet access once they sign in to their workstations? If not is it possible to force the browser to re-direct the user to the network authentication portal? Also, if…
  • Prevent AD user creation if not member of imported group

    Hi, we have set up AD authentication on our XG and imported a "VPN Users" AD group on to our XG. The VPN Users group is assigned to the SSLVPN. If a user authenticates via the SSLVPN 2.1 client, a user is created in the "VPN Users" group on the firewall…
  • Sophos xg not creating a domain computer account when adding active directory authentication server. Kerberos sso not working.

    I have added Active Directory Domain controller to the servers list under authentication, imported groups, have users from AD, however, kerberos/ntlm doesn't work. I have made sure that SSO is enabled for the LAN interface and that the browser is using…
  • DUO Authentication Help

    https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/124501/3-ways-to-setup-xg-18-with-duo-2fa Using this information, I followed the setup for DUO authentication for XG AD Server, DUO LDAP client and server, and it works. But, it seems…
  • Captive Portal not pop up Automatic

    Hi, Captive portal login page does not pop up automatically when any user tries to connect to the network through wifi on any device like mobile, laptop. User needs to type the Sophos firewall IP address to get the login page
  • Captive Portal -- DHCP issue

    Hello, Setup: -Sophos XGS2300 -Windows Server running DHCP We have an issue with client authentication: The client device receives an IP through our Windows Server (DHCP). The client device then authenticates through the Sophos XG captive portal…
  • Giving appliance access to a group imported from AD

    In the last couple days I've been trying to give admin access to some users to manage Sophos firewalls via WAN across multiple sites. However, I have to manually set the user type as "Administrator". Manually setting 10 users or more across more than…
  • Captive portal isn't working on Internet Edge and Google Chrome

    Good morning I am writing to you because I have some issues with the sophos captive portal, the configuration is correct, however, in an implementation in which we have implemented the captive portal, we are presenting certain complications to deploy…
  • Cannot establish NTLM authentication channel with <Domain> + SFOS 17.5.MR15+Cyberoam

    We got an error "Cannot establish NTLM authentication channel with <Domain>" in the Cyberoam 300ing, where CTAS and NTLM authentication both are working, NTLM was enabled because many of the domain user are not getting the services of web proxy, Support…
  • Specify Multiple UPN Suffixes within an LDAP server

    Hello, We need to implement AD Authentication into a client's environment, the AD Auth will be used for the Sophos Connect VPN client. Unfortunately, the client has 3 different UPN Suffixes (as they utilise 3 different email domains). Please advise…
  • Manual configure SF-OS to use AD Server Authentication

    Hi, I am new to XG Firewall and want to configure the authentication integration with Active Directory service. I added my AD correctly but don't find the manual for Configure SF-OS to use AD Server Authentication; the link is broken and I want to configure with…