• Looking for a "best practice" design or tips for multiple location/firewall authentication

    kerobra
    kerobra
    Hi, we have a customer, who has about 10 branch offices with each 5 to 50 users and a headquarter with about 50 users. Every BO has its own XGS firewall, which is currently connected via IPSEC VPN and will later be connected via MPLS to the HQ. In HQ…
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • SFOS 20 Entra AD SSO For Captive Portal/VPN Not Working

    colly72
    colly72
    I;m following the few videos that I can find about how to set up Entra AD SSO for captive portal and VPN but I can't seem to get it working. Are there any step by step instructions that I can follow, other than the published Sophos videos, which seem…
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • (Auidt failure - 4625) log caused by the Stas user in the domain

    delivaldez
    delivaldez
    I have a Sophos xg210 model firewall. I use STAS to be included in the domain (Example Username: sophos_stas). I have a server not included in the domain. When I examine the security logs of this server from the event logs, I get an audit failure error…
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • Adding new firewalls

    open_admin
    open_admin
    I am adding a new domain controller to our domain and am having trouble adding it to the authentication servers in Sophos. The server is active and working as expected and I've checked all of the same firewall settings as our old DCs. The only difference…
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • how to avoid domain authentication on allowed router IP?

    Moeed Aziz
    Moeed Aziz
    Hi, I have Sophos Home edition on a machine, which use AD authentication in user-based rules to allow internet. In addition to that we have some IP based rules as well for some devices that cannot be joined (or we don't want to join them) to the domain…
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • XGS 19.5.3 Build 652 - AD Group members lost

    Ingo Buyny
    Ingo Buyny
    Hello, i am quite new to the XGS Appliance, coming from the UTM. We still facing a lot of problems since the migration, one of that is the user authentication for SSO. The import of the users and the ad groups worked well and most of the useres…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Captive Portal

    Jayesh Auti
    Jayesh Auti
    Hi All, I'm facing issue with captive portal, some of my users are getting error The Connection has Timed out and the server is taking too long to respond. For some users captive portal is popoing automatically but for the some it's getting issue. Thank…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Nutzer aus AD einlesen auf XGS 2100 ?

    Carsten Bußmann
    Carsten Bußmann
    Moin, wir sind dabei, unsere XGS 2100 zu konfigurieren / Termin mit Partner steht noch aus, ich les und denke mich grad ein. Kann man User aus dem AD auslesen und automatisch angelegt bekommen ? Der AD Connect steht, ich kann auch Gruppen von Usern…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • Sync AD users to Sophos firewall

    Emad Al-qwassmi
    Emad Al-qwassmi
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Problema de Importación

    Xpertus SOC
    Xpertus SOC
    Buenas tardes Grupo sabrán porqué no me deja seleccionar en el ADDGROUPS, estará mal un Dominio?
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • STAS ignore Live User

    Technik Technik1
    Technik Technik1
    Hi altogether, our customer use a Sophos XGS3100 (SFOS 19.5.3 MR-3-Build652) and we have configured STAS according to best practice. Two DCs with Agent and two member servers with collector. Connection works fine and there is no firewall woh blocks…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Servers using insecure plaintext connections: 1

    Vaibhav Patil
    Vaibhav Patil
    Hi everyone, We have added AD server with sophos xg 230. And it is showing that "Servers using plaintext connection: 1" in Authentication > Servers . As you can see above. Please tell me solution. Regards, Vaibhav
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SFOS FIrewall and AD authentication

    Jay23
    Jay23
    Hi Everyone, Sophos UTM user making the move to SFOS firewall and need some help. I am having a diffiecult time getting the settings right to authenticate to Active directory on a new Sophos Firewall. With the Sophos UTM software you entered the Bind…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Authentification Search Query

    Dominik Gidaszweski
    Dominik Gidaszweski
    Hallo zusammen, ich würde gerne den Search Query für die Authentifizierung abändern. Momentan zeigt die auf die OU "Benutzer". Ich würde dies nun gerne auf die neue OU VPN setzen wo es eine Gruppe mit allen VPN Nutzern gibt. Wenn ich dies mache…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • Sophos Firewall: How to Enable Multi-factor Authentication/OTP Settings With Captive Portal Authentication

    Vivek Jagad
    Vivek Jagad
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Product and Environment …
    • over 1 year ago
    • Sophos Firewall
    • Recommended Reads
  • Cannot establish NTLM authentication channel with XXXX

    Scott Doty
    Scott Doty
    Greetings, Please bear with me: We are getting the above message in our FW logs. I have verified the following things thus far: Users can login to the VPN and validate w/o issue and w/o the captive portal. The FW logs show all user activity for login…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Connect (SSLVPN) and native AzureAD (Entra)

    RobB @ SK
    RobB @ SK
    Can anyone share a roadmap update for getting native Azure AD (otherwise now known as Entra ID) authentication for Sophos Connect on XG appliances? The last thread was closed out nearly a year ago: Azure AD authentication for Sophos Connect - Discussions…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • how many failed attempts does ssl vpn query the AD on one attempt ?

    Chris Conway
    Chris Conway
    I notice that even though we only have 2 dc's, our failed password threshold is at 6 tries before locking but it seems people get locked out after only 1 failed attempt. is this manageable ? Thanks!
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Re-import users from Active Directory

    Fizzle
    Fizzle
    Sophos XGS 4500 19.5.3 Before I fully understood how the Sophos/AD import and integration worked with respect to users, groups, and authentication for SSL VPN I set up AD search scopes to import users. I didnt understand that Sophos would automatically…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SFOS 19.5.3.652 failed to login to SSLVPN through RADIUS authentication mechanism because of access not allowed

    Vojtech Borkovec
    Vojtech Borkovec
    After updating to the version SFOS 19.5.3.652, users could not login to the VPN. Authorization is done on ESET's RADIUS server with OTP. The RADIUS server test will run correctly. There is an error in the log - failed to login to SSLVPN through RADIUS…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Setup MFA on SSL VPN Client With Eset Secure Authentication

    Louis Havenga
    Louis Havenga
    Good day Members, I trust you are well. We are trying to setup MFA for users to use with the VPN. We have Eset Secure authentication and would like to continue to use it as the MFA application. We currently have a Sophos xgs and are using the remote access…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Radius Authentication to Admin Interface Fails Despite Valid Test

    CF1 Tech
    CF1 Tech
    Hello, I am still relatively new with Sophos products. I've got a Radius server set up to authenticate users to the admin interface, but it's not working. I've reviewed the documentation several times and am unable to determine what I'm missing. I feel…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Firewall AD Authentication Failed

    tomrgsd
    tomrgsd
    We are experiencing an issue with authentication failures due to username not being retrieved a full username with the Heartbeat Auth Client. If I login via web client it authenticates properly. For example user1@domain.local. The logs are showing it…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Radius Server Attributes are Missed

    Muhammad Elbuvaydani
    Muhammad Elbuvaydani
    hello there , I am using the radius server to authenticate my clients , I configured the radius server and every things working fine , but when the Firewall sending Request to my radius server it is not sending the general attributes that the other brands…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: Active Directory (AD) Users Getting Locked After Multiple Failed Attempts on SSL VPN with MFA Enabled

    Mayur Makvana
    Mayur Makvana
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Background Configuration…
    • over 1 year ago
    • Sophos Firewall
    • Recommended Reads
<>