I'd like to roll out SSLVPN to some of our users, but the password concatenated with the OTP code is very awkward....
You can't save the password, and you can't easily use a password manager either.
Is there some way or 3rd party software that will…
We use a lot of single user RDP sessions so I've configured STAS with Registry Read polling and it works except for two issues:
- When the polling happens every three minutes, the live users for the RDP sessions drop out for up to 10 seconds.
- If…
hi, i have XGS2100 (SFOS 20.0.2 MR-2-Build378).very wired issue is being faced. i am using STAS for user authentication. user rule is down in the rules. on top of all i have created rule in which i added mac address of few users. this rule is not working…
Hi all,
we are using XG firewall and using STAS authentication for user internet access.
we are facing issue with outlook and teams application this application getting discounted frequently, but that time internet is working fine with the system…
Hi all,
I have a problem with - at the moment reportedly - two users. They can establish a VPN connection successfully and every works well. However after sometime the username information gets lost, i. e. the username field in the log is shown as empty…
I would like to change my STAS configuration to use a dedicated service account. I am following the guidance here - https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=authentication-STAS-transparent
However…
Hallo ...
Ist es möglich, mit der XG/XGS eine SSID zu veröffentlichen, die Android/iOS Geräte mittels eines Zertifikates authentifiziert und bei Erfolg sich mit der SSID verbinden lässt? Bisher erledigen wir dies über Preshared Key und zusätzlich…
Hello,
I am trying to use Authentication Policies for one of our Web Servers to restrict access to members of three specific Active Directory groups.
When the user logs in, the authentication log shows a successfull login, but the site just reloads…
Hello Sophos Community,
first of all everything worked with STAS the last months without any problems.This week starting from monday on we are experiencing random disconnects on our STAS backend (it seems). It hits several live users randomly. They…
Dear community, In our company, logging in to the domain will only be possible with a smart card and without entering a password in future. In our case, this is a Yubikey 5. Is there any way to integrate the SSL VPN clients via smartcard? Kind regards…
Hello, sice some days we have the problem that with some users (will be more and more) OTP auth is failing: -> oath_totp_validate() failed for tokenid xxxxxxxxxxxxxxxxxxxxxx with error The OTP is not valid - OTP was working fine all the time before issues…
Hi ,
I have a issue with the Sophos Client Authentication Agent the "MSI" File. If I deploy the Agent with MSI File, it installed it and I can run it, but I am getting the error with Certificate (I think the ClientAuth_CA.scc) file cannot be find. …
Hello,
We use the Client Authentication Agent (CCA) for authentication when accessing our network.
We use the client at various external locations which are all connected via RED. At one location (behind a Sophos UTM) this works without any problems…
Hi,
Running SFOS 20.0.1-MR1, have setup Azure/Entra ID for SSO
I can:
- Use the test button under the Entra account, it shows grren.
- I can connect and import groups into the firewall from Entra
- I can sign into the firewall
I cannot…
My WiFi access points are connected through XG135 firewall capitive portal by creating user credentials. All the users are getting " this net work is untrusted/unsafe" message. What could be the reason
Hi We have a guest Wi-Fi allowing guest users the ability to login to a hotspot (password of the day) and access the internet. Is there a way to capture a username before they have access to the internet.
I don't particularly want to have to create…
Good day,
Sophos Captive portal has been enabled at our site and works but we noticed that if users move around the premises and roam to a different access point, they would have to reauthenticate using the captive portal. I had even set the signout…
Das synchronized User ID Feature unter Windows ist wirklich super.
Es wäre toll, wenn es das auch für MacOS geben würde und man für die Authentifizierung im lokalen Netzwerk nicht den Sophos Authentication Client benötigen würde.
Hello
Our client wants to limit access to his network, We installed and configured Sophos XGS2300 with web authentication, and the network has 3 VLANs . the challenge is that each time users roam out of the network, it requires them to sign in again…
Hi team,
I'm reaching out regarding an issue I'm encountering while setting up Multi-Factor Authentication (MFA) with tokens on our Sophos Firewall.
I have three administrators on the firewall.
I've enabled the "Generate OTP token with next sign…
Referring to this thread discussion. MFA on web authentication
When this setting is used, MFA is not prompted for client VPN users. VPN users can login with username and password only. No MFA required.
When "No OTP" is changed to "Specific Groups…
Hello everyone,
We are running into an issue where the SSL VPN client will drop a connection and then cause a DUO lockout after sending multiple auth attempts.
Has anybody found a way to use DUO for SSL (via DUO Radius Server) that will not continually…
Hello,
I dealing with this problem while trying to use external authentication via AD to manage ipsec user connections, i have created a group ou my AD for the users i want to permit access, on the fw on remote access i have give permission to this…
Hello, i'd like to report a possible bug without to make a case.
We're using SFOS 19.5.3 MR-3, and tried to activate MFA for VPN or the userportal.
Of five users, we had always two people who had problems with a OTP timestamp of more than 30 sec …