• SSL VPN 2FA options - or how to prompt for the OTP token?

    furicle
    furicle
    I'd like to roll out SSLVPN to some of our users, but the password concatenated with the OTP code is very awkward.... You can't save the password, and you can't easily use a password manager either. Is there some way or 3rd party software that will…
    • Answered
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • STAS issues with RDP

    jtaylor
    jtaylor
    We use a lot of single user RDP sessions so I've configured STAS with Registry Read polling and it works except for two issues: - When the polling happens every three minutes, the live users for the RDP sessions drop out for up to 10 seconds. - If…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • SOPHOS STAS inactivity Timer issue

    Ahmad
    Ahmad
    hi, i have XGS2100 (SFOS 20.0.2 MR-2-Build378).very wired issue is being faced. i am using STAS for user authentication. user rule is down in the rules. on top of all i have created rule in which i added mac address of few users. this rule is not working…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Outlook and teams' application disconnect frequently

    Rameshwar Apar
    Rameshwar Apar
    Hi all, we are using XG firewall and using STAS authentication for user internet access. we are facing issue with outlook and teams application this application getting discounted frequently, but that time internet is working fine with the system…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Username disappears in SSL VPN connection - XGS3100

    astiadmin
    astiadmin
    Hi all, I have a problem with - at the moment reportedly - two users. They can establish a VPN connection successfully and every works well. However after sometime the username information gets lost, i. e. the username field in the log is shown as empty…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • STAS - Does anyone have detailed walkthrough on configuring "Permissions on all endpoint computers" with GPO

    DG1
    DG1
    I would like to change my STAS configuration to use a dedicated service account. I am following the guidance here - https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=authentication-STAS-transparent However…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Android/iOS mit Zertifikat in WLAN zulassen

    Rainer Krause
    Rainer Krause
    Hallo ... Ist es möglich, mit der XG/XGS eine SSID zu veröffentlichen, die Android/iOS Geräte mittels eines Zertifikates authentifiziert und bei Erfolg sich mit der SSID verbinden lässt? Bisher erledigen wir dies über Preshared Key und zusätzlich…
    • 3 months ago
    • Sophos Firewall
    • German Forum
  • Web Server Authentication Policy by other group memberships

    Marlon Bellmann
    Marlon Bellmann
    Hello, I am trying to use Authentication Policies for one of our Web Servers to restrict access to members of three specific Active Directory groups. When the user logs in, the authentication log shows a successfull login, but the site just reloads…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • STAS random disconnects live users - FW webfilter is blocking then

    Speedfish
    Speedfish
    Hello Sophos Community, first of all everything worked with STAS the last months without any problems.This week starting from monday on we are experiencing random disconnects on our STAS backend (it seems). It hits several live users randomly. They…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • SSL VPN users password need to expire automatically after specific days

    Kiran Jedhe
    Kiran Jedhe
    Hi, Is there any option for ssl vpn user password will expire after specific days. Note:don't suggest AD.
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • sophos xg125 vpn client with smartcard authentication

    Udo Wack
    Udo Wack
    Dear community, In our company, logging in to the domain will only be possible with a smart card and without entering a password in future. In our case, this is a Yubikey 5. Is there any way to integrate the SSL VPN clients via smartcard? Kind regards…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • OTP Issues with several users

    Quallensaft
    Quallensaft
    Hello, sice some days we have the problem that with some users (will be more and more) OTP auth is failing: -> oath_totp_validate() failed for tokenid xxxxxxxxxxxxxxxxxxxxxx with error The OTP is not valid - OTP was working fine all the time before issues…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Client Authentication Agent issue with MSI package and the certificate

    Nick KEY
    Nick KEY
    Hi , I have a issue with the Sophos Client Authentication Agent the "MSI" File. If I deploy the Agent with MSI File, it installed it and I can run it, but I am getting the error with Certificate (I think the ClientAuth_CA.scc) file cannot be find. …
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • CCA not working behind another XGS and RED

    Dennis Kirschner
    Dennis Kirschner
    Hello, We use the Client Authentication Agent (CCA) for authentication when accessing our network. We use the client at various external locations which are all connected via RED. At one location (behind a Sophos UTM) this works without any problems…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Entra ID SSO

    twister5800
    twister5800
    Hi, Running SFOS 20.0.1-MR1, have setup Azure/Entra ID for SSO I can: - Use the test button under the Entra account, it shows grren. - I can connect and import groups into the firewall from Entra - I can sign into the firewall I cannot…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Firewall

    KYM
    KYM
    My WiFi access points are connected through XG135 firewall capitive portal by creating user credentials. All the users are getting " this net work is untrusted/unsafe" message. What could be the reason
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Guest Hotspot - Is there anyway to capture or enforce a username ?

    SimonGoode
    SimonGoode
    Hi We have a guest Wi-Fi allowing guest users the ability to login to a hotspot (password of the day) and access the internet. Is there a way to capture a username before they have access to the internet. I don't particularly want to have to create…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Captive Portal re-authenticating users when roaming to different Unifi Access Points

    Temidayo Abayomi-Zannu
    Temidayo Abayomi-Zannu
    Good day, Sophos Captive portal has been enabled at our site and works but we noticed that if users move around the premises and roam to a different access point, they would have to reauthenticate using the captive portal. I had even set the signout…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Feature Request: Synchronized User ID Authentication for MacOS

    Janek Meyer
    Janek Meyer
    Das synchronized User ID Feature unter Windows ist wirklich super. Es wäre toll, wenn es das auch für MacOS geben würde und man für die Authentifizierung im lokalen Netzwerk nicht den Sophos Authentication Client benötigen würde.
    • 6 months ago
    • Sophos Firewall
    • German Forum
  • SOPHOS NETWORK CLIENT AUTHENTICATION

    TimothyWanume
    TimothyWanume
    Hello Our client wants to limit access to his network, We installed and configured Sophos XGS2300 with web authentication, and the network has 3 VLANs . the challenge is that each time users roam out of the network, it requires them to sign in again…
    • Answered
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • enable 2FA with local administrators

    mohammed kassouat
    mohammed kassouat
    Hi team, I'm reaching out regarding an issue I'm encountering while setting up Multi-Factor Authentication (MFA) with tokens on our Sophos Firewall. I have three administrators on the firewall. I've enabled the "Generate OTP token with next sign…
    • Answered
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • disable MFA for captive portal

    ce_Sophos
    ce_Sophos
    Referring to this thread discussion. MFA on web authentication When this setting is used, MFA is not prompted for client VPN users. VPN users can login with username and password only. No MFA required. When "No OTP" is changed to "Specific Groups…
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • User Duo lockout SSLVPN

    Lance Ecklesdafer
    Lance Ecklesdafer
    Hello everyone, We are running into an issue where the SSL VPN client will drop a connection and then cause a DUO lockout after sending multiple auth attempts. Has anybody found a way to use DUO for SSL (via DUO Radius Server) that will not continually…
    • Answered
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • User user@mydomain.local failed to login to VPN through AD authentication mechanism because of access not allowed

    Célio Rodrigues
    Célio Rodrigues
    Hello, I dealing with this problem while trying to use external authentication via AD to manage ipsec user connections, i have created a group ou my AD for the users i want to permit access, on the fw on remote access i have give permission to this…
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • Possible bug SFOS 19.5.3 MR-3, random OTP timing leads to login error

    SenorChang
    SenorChang
    Hello, i'd like to report a possible bug without to make a case. We're using SFOS 19.5.3 MR-3, and tried to activate MFA for VPN or the userportal. Of five users, we had always two people who had problems with a OTP timestamp of more than 30 sec …
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
>