• 20.0.0 GA to 20.0.2 MR2 378 - Sophos Connect - SSL VPN - AD Groups not added on authentication

    Fred_B
    Fred_B
    After the XG 210 upgrade to SFOS 20.0.2 MR2 build 378 we now have the issue that firewall rules for AD Group VPN Users no longer work for some SSL VPN users belonging to the AD VPN Users group. We know that IPSEC doesn’t work with AD groups but SSL VPN…
    • 7 days ago
    • Sophos Firewall
    • Discussions
  • Active Directory Windows Server 2025 not Authenticate Users

    Masoud Hemmati
    Masoud Hemmati
    Hello After upgrading Active Directory Server to Windows Server 2025, Sophos XGS Authentication user Not working and have Problem .
    • Answered
    • 18 days ago
    • Sophos Firewall
    • Discussions
  • how to enable SFOS authentication with different UPN and SamAccountName

    LHerzog
    LHerzog
    I have learned how to support UPN or multi UPN configuration with local Host / DNS registrations on the Firewall directly. I have configured that successfully on the firewall. Sophos Firewall: Authentication Multi UPN configuration But as written in…
    • 22 days ago
    • Sophos Firewall
    • Discussions
  • AD Authentication Time-out

    Chris Burke2
    Chris Burke2
    This issue just started on Sunday, reoccurred just now. Remote VPN login times-out. I've narrowed it down to an issue with the FW connecting to AD. The "Test Connection" failed. A reboot of the FW fixes the issue (Both times). After reboot, the "Test…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • SSLVPN login issue always logout

    mitssupport mit
    mitssupport mit
    Hi, Every month, when users change their Windows password, the VPN credentials do not update automatically. On the administration side, we have to delete the User, purge the AD users, and re-register them again. We have already tried setting the …
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS Delete a group imported from the AD

    admin_idl
    admin_idl
    Hello everyone, We have imported groups from the AD on the XGS and now wanted to tidy up a bit and remove various AD groups from the firewall again. When trying to delete the groups we get the message: Thank You!
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • VPN with Authentication Active Directory with enumeration blocked

    Tecnologias Imaginadas
    Tecnologias Imaginadas
    Hi. Anyone has configured Sophos XGS SSLVPN with Active Directory Authentication on AD with enumeration blocked? After configure Server on XGS I can authenticate and retrieve groups/users without problem... My problem appears when try to authenticate…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • SSL VPN Fehler 17711

    TobiasSchubert
    TobiasSchubert
    Hallo, seit gestern bekommen Benutzer, welche nur auf der Sophos lokal angelegt sind folgenden Fehler: 17711 - User failed to login to SSLVPN through AD authentication mechanism because of wrong credentials. Warum sucht die Sophos nun plötzlich…
    • 1 month ago
    • Sophos Firewall
    • German Forum
  • Assistance Required: Importing Users from Active Directory to Sophos XG home Edition

    Ahmad Abdeen
    Ahmad Abdeen
    Hello, I am using Sophos XG Home Edition on VMware and have configured it to connect with Active Directory. While I am able to import groups successfully, I do not see an option to import individual users directly from Active Directory. I would like…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • German Forum
  • User member of multiple AD Groups - why not working for MFA / 2FA?

    LHerzog
    LHerzog
    We have AD synced Groups. We use them for FW Rule permissions, SSL VPN access and MFA control on the Firewall. Now we have this scenario: User XY is member of these groups: Group A (used for a firewall rule) Group B (all members of the company,…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Cannot establish NTLM Authentication channel

    DavidSain
    DavidSain
    Lots of posts about this. Here is an example. AD SSO - Cannot establish NTLM authentication channel with xxx Seems like the recommendation is to disable AD SSO in all zones. But what if we want SSO so we can log user web traffic? Why might we want…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Sophos MTA/VPN/VPN-Portal/User-Portal etc. mit Authentifizierung am ADDS

    Patrick81
    Patrick81
    Schönen guten Tag zusammen, folgendes ist mir grade aufgefallen. Wenn das ADDS nicht erreichbar ist, lässt der Sophos-MTA, Mails zum E-Mail-Server durch, an Empfänger die es gar nicht gibt! Dann antwortet der Mail-Server postmaster@Domäne.de sorry die…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • German Forum
  • Web Server Authentication Policy by other group memberships

    Marlon Bellmann
    Marlon Bellmann
    Hello, I am trying to use Authentication Policies for one of our Web Servers to restrict access to members of three specific Active Directory groups. When the user logs in, the authentication log shows a successfull login, but the site just reloads…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • SG135 Joining the domain failed. Active Directory Single-Sign-On (SSO)

    Marc Blumenstock
    Marc Blumenstock
    Hi Guys, we are a german company and we currently have a problem on one of our new branchoffices in canada. They received from us a Sophos SG135. They connect to us by an ipsec tunnel. Currently we got the Problem that the Sophos is not able to…
    • 4 months ago
    • UTM Firewall
    • General Discussion
  • User assigns always to just one AD group

    Ingo Buyny
    Ingo Buyny
    Hello, I have a problem with a user who belongs to several groups in my Active Directory. Two of these groups are present in my XGS. However, the user on the XGS is only a member of one group, and for organizational reasons I don't want to use this…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • I am looking for assistance with IPSEC VPN authentication for On Prem Active Directory & Azure Entra

    hashtag
    hashtag
    I am looking for assistance with IPSEC VPN authentication for On Prem Active Directory & Azure Entra I have two use cases. Both involve the Sophos Connect Client and XG firewall v19.5 or later: 1. XG firewall appliance on premise with a MS Windows…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Maximum limit for authentication server is 20

    Hydro4711
    Hydro4711
    Hello, i reach out to all of you as we are in a really bad situation. We are hosting several customers with active directorys and we just recently started migrating from UTM to XGS. Today we learned, there is a maximum of 20 servers you are allowed…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • AD Domain join not possible

    Ben@Network
    Ben@Network
    Hi Community, I try to join a Sophos Firewall into our Windows domain but the domain join is not passible. I get this errors in /log/nasm.log: Jul 26 11:59:18.983130Z ha.c:30 is_ad_join_required [nasm] is_ad_join_required() AD join required due to…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • user auth - AD or Local or Both?

    Simon Denham
    Simon Denham
    Hello, New bloke here. I read a lot of How To do a thing in XGS, but not why... What would be the intended purpose of a duplicated Administrator Local User and AD user? Is it redundancy in case the AD is unavailable? Should the default administrator…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Changing Active Directory server when using SSL VPN authentication

    GunnAdmin
    GunnAdmin
    Hi, I've got a question about AD/LDAPS integration. Here's a quick rundown of the situation: -I have a client with an XGS116 (SFOS 19.5.2 MR-2-Build624). -Employees are currently using the Remote access SSL VPN to log into an RDS server with the Sophos…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS Setting up LDAPS for authentication (Port 636) with Two DCs

    Rachel Salvadeo
    Rachel Salvadeo
    Hey all, I have a question that seems to not be addressed in any other related community forum I could find. I have two DCs, one of them being the Primary DC and the other being the Backup DC. Both DCs are replicating changes to each other. In the…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • sophos xg home to AD password/group synchronization

    Moeed Aziz
    Moeed Aziz
    Hi, I have Sophos home deployed in our network, with AD groups synced-in from AD server for user-based internet access. For a month or so now, when any users changes their domain user password, SSO (single sign on) does not work for them and they…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • LDAP AD Sync - force new sync

    MM the Admin
    MM the Admin
    Hey, we have been using an ldap connection to sync usrs from our local AD to our XGS appliance. Since we're migrating, we have changed the UPN and mailaddresses of all users in our AD. Sadly sophos doesn't get that, therefore rules that match…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Windows Terminal Server User Syncronisation

    ChrisV
    ChrisV
    Guten Morgen zusammen, wir versuchen die AD User mit unserer Sophos XGS zu syncronisieren. Ziel ist es, die User die sich am TS anmelden auch auf der FW zu sehen, damit wir die Aktivitäten überwachen können. Was wir gemacht haben: https:/…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • German Forum
  • Sophos Firewall: Authentication Multi UPN configuration

    GiuseppeI
    GiuseppeI
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview UPN Configuration Active…
    • 6 months ago
    • Sophos Firewall
    • Recommended Reads
>