Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • client authentication agent

    Client Authentication Agent is not working in our office, i have upgraded all computers to Windows 11 Error it says You are not allowed to log in from this machine Kindly help us on this please Kumaresh St.Joseph's College of Commerce 9…
  • New QR Code

    How do I generate a new QR Code for the users we have users who have been issued with a new Iphones , they have wiped out the old phones with the Sophos Authenticator App as a result , they cannot setup their Account to the new Phone because they…
  • Connect Client Provisioning Files with MFA enabled

    I setup a connect client with a provisioning file. Had Authentication to an AD server setup. When the user connects for their first time while using a provisioning file, it works beautifully. Now, enter MFA. Because most places want some extra security…
  • MFA on web authentication

    I am using MFA for certain users, using it in Web Admin Console, SSL VPN and User portal in which there is no way to disable it. However I would not want to require MFA for web authentication, for example, an unknown user is directed to the web portal…
  • WMI BLOCKED / STAS

    Dear colleagues! We are having problems connecting via STAS on newer versions of Windows. In Sophos Transparent Authentication Suite in WMI VERIFICATION, the workstation shows access denied. We even used the key below but it doesn't work anymore. Path…
  • STAS logon type is 3 ??

    Hi all, FW XG v (SFOS 19.0.1 MR-1-Build365) I just have 2 DCs with stas installed. I think stas authentication is working as you like in the capture, logon type is 3 !! But logon type 3 as defined: The STAS agent runs on a member server and…
  • AD SSO Authentication and site-to-site VPN connection

    Hello all, We have a problem with one of our software applications. We are using SFOS 19.5.0 GA-Build197. The software needs to connect to a remote server which is only available via site-to-site VPN. The connection is configured and is working (green…
  • AD Authentication with STAS working but User firewall rules does not evaluate as authenticated

    I have two Domain controlers and on both installed STAS for twho Sophos XG HW appliance in HA active-pasive. After upgrade from 18.5.4 to 19.5.1 i have problem evaluating user rules. After upgrade i reinstall STAS to newwr vrsion on both DCs. I need reeneter…
  • Sophos XGS STAS IPv6 support

    Hi there, are there any plans that STAS will support IPv6? We are using IPv6 and STAS agent is not able to work if user is using IPv6. Besr regards, Oldrich
  • Problem with Apple devices and RADUIS

    Hi everyone, I have a big problem with wifi RADIUS and Apple devices. I am using SG330 firewall and APX530 access points, all with the newest Firmware. The problem is this: All of our Apple devices (iPads and iPhones) looses their connection…
  • Change OTP Name for authenticator apps

    Hello Sophos and everyone else, we are in the progress from switching all of the UTMs to XGSs at our customers. Unfortunately we are facing a little problem with the OTP implementation at XGS. At the (Google) Authenticator App we see the following…
  • Bug: SSH keys disappear when Admin has 2-Factor authentication enabled

    There may be a bug in SFOS regarding SSH keys. we noticed on 2 different SFOS firewalls, one XG430 (SFOS 19.0.1 MR-1-Build365) and one XGS136 (SFOS 19.5.1 MR-1-Build278) that SSH Keys you add here: after you have enabled Multi Factor Authentication…
  • Remote users, Azure AD and always on VPN

    Hi, For a project I'm working with it is required to allow remote users with company provided laptops. This laptops are intended for business purposes only and should start a vpn to the in-house XGS firewall and block any direct connection to Internet…
  • can't delete AD user in FW XG

    Hi guys, We can't delete some users from sophos firewall. When we tried do this, this message was presented: " Couldn't delete user. A firewall rule, VPN connection, web policy rule, or SSL/TLS inspection rule exists for this user " We already delete…
  • Client Authentication Agent Operation

    Hi - I use the Authentication client for non domain joined machines onsite. I have a guest user who has a corporate machine which uses a VPN to his business network. Rather than create additional rules, I would like him to run the Authentication client…
  • Sophos X Active Directory authentication with multiple managed domains

    Hello guys! I currently have a scenario that uses authentication between the firewall and Active Directory. In this same Active Directory, in addition to the main domain, I have other domains with linked users. In the authentication configuration…
  • QR code missing in SFOS 19.5.0

    Upgraded from 18.5 to 19.5 recently and found that i am unable to view user / admin QR codes under the authentication / one time password section. If a user changed a phone or lost, we would usually login to XG and see the QR code and scan it on the user…
  • Multi Site XG and MFA

    We have had 1 site for a long time - we have an XG appliance. we have users vpn to the site and then user RDP to connect to internal resources. The user id and logon on the XG are seperate from AD user logon and we are using Sophos MFA. We recently…
  • Will SOPHOS Be Adding User Support for Web browsing from Azure AD for Web Filtering

    We are currently using SOPHOS for our Firewall. We would like to tie it into our Azure AD. Since we had issues with RW, we will not put in a AD server on premise and according to Microsoft that AD was going to be phased out and Azure AD was going to be…
  • How to identify AD-imported groups in SFOS?

    Is it somehow possible to identify which groups in SFOS have their source in Active Directory? To me local and AD groups all look the same on SFOS. Even after export of them as entities.tar. That makes managing larger environments with local groups…
  • SSL VPN with and without radius/mfa

    hello, we need to use both ssl authentication with radius/mfa for admins and no mfa for normal users. ssl authentication servers are radius and AD. when i (admin user) connect to openvpn, i need to use mfa but if i wait without validating mfa, i…
  • Sophos Central Azure AD WLAN certificates

    Hello all, We are currently trying to change the authentication of our Wifi to certificates authentication, but are currently failing in the selection and setup of the RADIUS server. We use an Azure AD (no local Active Directory available) and have…
  • WAF authentication fails

    I have to create a user with username equal to mailadrres ( name@domin.com ) Purpose is to use this user to authenticate with a login form with passthrough in a WAF rule. When i try to authenticate nothing happens, when i authenticate with a username…
  • Regla de Enrutamiento Estatico

    HOla! tengo un problema y a ver si alguien le ha pasado lo mismo y como puedo solucionarlo. Tengo un DC con DNS "pepito.local" donde tengo un servidor Web publicado al exterior por el dns https://CRM.pepito.com . En la zona LOCAL tengo creada…
  • MAC-binding on captive portal authentication mechanism

    I have configured a captive portal for users authentication, for some purposes i have to bind each user with a specific MAC address, can any one help me Best regards