I recently configured captive portal on my network using my AD as the authenticator server.
My users can log in on their laptops but if they try to do so on their respective phones, they get this error message " User.... failed to login to Firewall through…
Hi :)
Customer has received an XGS-FW, previously used a SG. AD SSO was set up at orientation of Sophos-Com contribution. ( docs.sophos.com/.../index.html
The following problem:
NTLM-Auth works without problems KERBEROS fails: "Cannot initalize…
Hi,
The customer has received an XGS-FW and previously used an SG. AD SSO was set up following the Sophos-Com post. ( https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles…
Would it be possible and would it be a good idea to add the capability for Clientless Users to be designated via MAC address rather than IP address? That is, in the IPv6 world, where a machine can have many concurrent and past (but not yet invalid) IP…
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview:
Error, ADS server name already…
Can Sophos confirm please that SFOS 19.0.1 is still not able to detect staggered group membership of an Active Directory? Because that is what I noticed yesterday.
I tried to use a top level group that contains sub-groups for Firewall rules. If the user…
Hello everyone,
I was curious about the way Authentication Client works. Do you remember the previous version of that (Cyberoam Generic Authentication Client)? In that version, clients were able to change the IP address of Cyberoam in the setting. So,…
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
Radius Validation
Control…
We have a single network & zone which contains both domain-joined and non-domain-joined devices.*
For domain-joined devices, we use STAS and all is well.
For non-domain-joined devices, we WANT to use captive portal to ask the user to login. However…
Hi all,
I want to know if CAA is more efficient than STAS authentication?
When to use CAA and when to use STAS? What could be the difference between STAS and CAA?
Does CAA automatically require firewall integration with AD?
Can we use STAS authentication…
Hi all,
Normally a domain user, when he tries to connect with a workgroup computer, is automatically redirected to the captive portal, and also an ordinary user who is not a domain user. But I notice that this redirect is gone for domain users, and…
Hi, is it possible for OTP to also be activated for L2TP or IPSEC remote access VPN?
We've got a customer who is asking the question above; however, since it's not shown in the OTP available sections, I don't think it's possible.
Or does it account…
I see XGS OS19.5 now allows Azure AD to be used for SSO for admin access to the webadmin.
Can the XG also be configured in a similar manner so that users can authenticate to Sophos Connect using their Azure AD details, and any possibility of using the…
Hi Community,
We're using an XGS Firewall (V19) and STAS for authentication of our users.
On our domain controllers in stas.log we're seeing a huge amount of these entries every few seconds:
SSO_server_handle_wrkstpoll_req: poll req for '43.129…
Hi all,
Hoping someone can point me in the right direction.
I have enabled STAS on our Sophos XG. I can see user showing on the STAS Agent on the server.
I have also added the server to the XG on the Auth List and connections pass without issue…
Hi all,
I just set up a virtual XG appliance and pretty much everything is working fine, except for one issue.
I needed to use Duo proxy as 2FA solution, which is (temporarily) running on the Domain Controller on the LAN (configured as AD client …
I was wondering if you could help me set up a firewall rule so that outside URL (eplatform, used for digital libraries) can communicate with our AD so that users can log in with their AD username and password. I have added the external host IP of the…
Hello,
I want to change users of all OTP tokens on all of our firewalls because of domain change. Users with new domain already exist on the firewalls and I can change them manually via web GUI, but as we are talking about hundreds of tokens here,…
Hi,
I recently upgraded to SFOS 17 to 19.0.1 MR-1 and I used to have access to the user's QR codes as admin. This was handy with remote users when they got new phones or lost their phone I could easily add the OTP token back to their new phone. I understand…
I'm trying to add extra authentication to an internal site via Reverse Authentication. The site itself has no authentication.
The problem is with how the UTM treats our AD-based groups. If I add my user explicitly to the new Reverse Authentication profile…
Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
What To Do
Overview …
Hi,
We use AD SSO and Kerberos and everything is working fine; however, we are getting this message in the logs 'Cannot establish NTLM authentication channel with xxx' Message ID 17945. What is this and how can we stop it please?
Many thanks
…