Browse By Tags

  • Captive Portal Authentication

    I recently configured captive portal on my network using my AD as the autheticator server. My users can login on their laptops but if they try to do so on their respective phones, they get this error message " User.... failed to login to Firewall through…
  • ADSSO - Kerberos failed. NTLM works

    Hi :) Customer has received an XGS-FW, previously used a SG. AD SSO was set up at orientation of Sophos-Com contribution. ( docs.sophos.com/.../index.html The following problem: NTLM-Auth works without problems KERBEROS fails: "Cannot initalize…
  • ADSSO Authentifizierung schlägt via Kerberos fehl - NTLM funktioniert

    Moin, Kunde hat eine XGS-FW erhalten, nutze davor eine SG. Eingerichtet wurde AD SSO an Orientierung vom Sophos-Com-Beitrag. ( https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles…
  • AD SSO: NTLM funktioniert, Kerberos nicht

    Moin, Kunde hat eine XGS-FW erhalten, nutze davor eine SG. Eingerichtet wurde AD SSO an Orientierung vom Sophos-Com-Beitrag. ( https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles…
  • Rpc issue when i pool through wmi using STAS

    Hi, i am facing RPC issue when i pool from stas application using wmi method its showing the rpc server is unavailable.
  • Should clientless users be able to be assigned by MAC and not IP? (Looking towards IPv6)

    Would it be possible and would it be a good idea to add the capability for Clientless Users to be designated via MAC address rather than IP address? That is, in the IPv6 world. where a machine can have many concurrent and past (but not yet invalid) IP…
  • Sophos Firewall: Troubleshooting Guide - Sophos Central cannot push group policy to Sophos Firewall

    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview: Error, ADS server name already…
  • AD Authentication, Nested / Staggered Groups not working

    Can Sophos confirm please that SFOS 19.0.1 is still not able to detect staggered group membership of a Active Directory? Because that is what I noticed yesterday. I tried to use a top level group that contains sub-groups for Firewall rules. If the user…
  • How does AC work?

    Hello everyone, I was curious about the way Authentication Client works. You remember previous version of that? (Cyberoam Generic Authentication Client)? In that version, clients where able to change the IP address of Cyberoam in the setting. So,…
  • Sophos Firewall: Using Azure MFA for SSL VPN and User portal

    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Radius Validation Control…
  • Is there a way to backup authentication/users?

    I cant see any option to do so. Thanks.
  • AD SSO - mixed domain and non-domain devices in single zone

    We have a single network & zone which contains both domain-joined and non-domain-joined devices.* For domain-joined devices, we use STAS and all is well. For non-domain-joined devices, we WANT to use captive portal to ask the user to login. However…
  • STAS authentication & CAA

    Hi all, I want to know if caa is more efficient than stas authentication? when to use caa and when to use stas ?what could be the difference between stas and CAA? Does CAA automatically require firewall integration with AD? Can we use stas authentication…
  • domain users on workgroup computers and no captive portal

    Hi all, normally a domain user, when he tries to connect with a workgroup computer he is automatically redirected to the captive portal, and also an ordinary user who is not a domain user. but I notice that this redirect is gone for domain users, and…
  • OTP with L2TP over IPSec VPN

    HI, is it possible fot otp to be also activated for L2TP O IPSEC remote access vpn? We've got a customer who is requesting give question above, however since its not shown in the otp availabe sections, i dont think its possible. Or does it account…
  • Azure AD authentication for Sophos Connect

    I see XGS OS19.5 now allows Azure AD to be used for SSO for admin access to the webadmin. Can the XG also be configured in a similar manner so that users can authenticate to Sophos Connect using their Azure AD details, and any possibility of using the…
  • XG processing WMI authentication requests on WAN-Zone / STAS

    Hi Community, we're using an XGS Firewall (V19) and STAS for authentication of our users. On our domain controllers in stas.log we're seeing an huge amount of these entrys every few seconds: SSO_server_handle_wrkstpoll_req: poll req for '43.129…
  • STAS and User logging not working as expected

    Hi all, Hoping someone can point me in the right direction. I have enabled STAS on our Sophos XG. I can see user showing on the STAS Agent on the server. I have also added the server to the XG on the Auth List and connections pass without issue…
  • XG - Prevent RADIUS auth from overwriting existing user with default group

    Hi all, I just set up a virtual XG appliance and pretty much everything is working fine, except for one issue. I needed to use Duo proxy as 2FA solution, which is (temporarily) running on the Domain Controller on the LAN (configured as AD client …
  • Allow access to AD through SOPHOS XG (So users can login with AD login https://www.eplatform.co/gb)

    I was wondering if you could help me setup a a firewall rule so that outside URL (eplatform, used for digital libraries) can communicate with our AD so that users can login with their AD username and password. I have added the external host IP of the…
  • Change OTP token's user via API

    Hello, I want to change users of all OTP tokens on all of our firewalls because of domain change. Users with new domain already exists on the firewalls and I can change them manually via web GUI, but as we are talking about hundreds of tokens here,…
  • Generate OTP token with next sign-in

    Hi, I recently upgraded to SFOS 17 to 19.0.1 MR-1 and I used to have access to the user's QR codes as admin. This was handy with remote users when they got new phones or lost their phone I could easily add the OTP token back to their new phone. I understand…
  • Adding authentication to a site

    I'm trying to add extra authentication to an internal site via Reverse Authentication. The site itself has no authentication. The problem is with how the UTM treats our AD-based groups. If I add my user explicitly to the new Reverse Authentication profile…
  • Sophos Firewall: SATC with Sophos Server Protection Step by Step Guide

    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview  What To Do Overview  …
  • AD SSO - Cannot establish NTLM authentication channel with xxx

    Hi, We use AD SSO and Ketboros and everything is working fine however we are getting this message in the logs 'Cannot establish NTLM authentication channel with xxx' Message ID 17945. What is this and how can we stop it please ? Many thanks …