• can't delete AD user in FW XG

    Fabiano Pamplona dos Santos
    Fabiano Pamplona dos Santos
    Hi guys, We can't delete some users from sophos firewall. When we tried do this, this message was presented: " Couldn't delete user. A firewall rule, VPN connection, web policy rule, or SSL/TLS inspection rule exists for this user " We already delete…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Client Authentication Agent Operation

    Paul McGinnie
    Paul McGinnie
    Hi - I use the Authentication client for non domain joined machines onsite. I have a guest user who has a corporate machine which uses a VPN to his business network. Rather than create additional rules, I would like him to run the Authentication client…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Multi Site XG and MFA

    Ray Banville
    Ray Banville
    We have had 1 site for a long time - we have an XG appliance. we have users vpn to the site and then user RDP to connect to internal resources. The user id and logon on the XG are seperate from AD user logon and we are using Sophos MFA. We recently…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos X Active Directory authentication with multiple managed domains

    Guilherme Silva1
    Guilherme Silva1
    Hello guys! I currently have a scenario that uses authentication between the firewall and Active Directory. In this same Active Directory, in addition to the main domain, I have other domains with linked users. In the authentication configuration…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • QR code missing in SFOS 19.5.0

    itguy318
    itguy318
    Upgraded from 18.5 to 19.5 recently and found that i am unable to view user / admin QR codes under the authentication / one time password section. If a user changed a phone or lost, we would usually login to XG and see the QR code and scan it on the user…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Will SOPHOS Be Adding User Support for Web browsing from Azure AD for Web Filtering

    James Gaydusek
    James Gaydusek
    We are currently using SOPHOS for our Firewall. We would like to tie it into our Azure AD. Since we had issues with RW, we will not put in a AD server on premise and according to Microsoft that AD was going to be phased out and Azure AD was going to be…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • How to identify AD-imported groups in SFOS?

    LHerzog
    LHerzog
    Is it somehow possible to identify which groups in SFOS have their source in Active Directory? To me local and AD groups all look the same on SFOS. Even after export of them as entities.tar. That makes managing larger environments with local groups…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SSL VPN with and without radius/mfa

    Louis D
    Louis D
    hello, we need to use both ssl authentication with radius/mfa for admins and no mfa for normal users. ssl authentication servers are radius and AD. when i (admin user) connect to openvpn, i need to use mfa but if i wait without validating mfa, i…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Central Azure AD WLAN certificates

    ADHero
    ADHero
    Hello all, We are currently trying to change the authentication of our Wifi to certificates authentication, but are currently failing in the selection and setup of the RADIUS server. We use an Azure AD (no local Active Directory available) and have…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • WAF authentication fails

    Peter-Paul Gras
    Peter-Paul Gras
    I have to create a user with username equal to mailadrres ( name@domin.com ) Purpose is to use this user to authenticate with a login form with passthrough in a WAF rule. When i try to authenticate nothing happens, when i authenticate with a username…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Regla de Enrutamiento Estatico

    Roman Laboreo
    Roman Laboreo
    HOla! tengo un problema y a ver si alguien le ha pasado lo mismo y como puedo solucionarlo. Tengo un DC con DNS "pepito.local" donde tengo un servidor Web publicado al exterior por el dns https://CRM.pepito.com . En la zona LOCAL tengo creada…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • MAC-binding on captive portal authentication mechanism

    shahed alosta
    shahed alosta
    I have configured a captive portal for users authentication, for some purposes i have to bind each user with a specific MAC address, can any one help me Best regards
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos XG Firewall not collecting AD Users

    Stuart Gay
    Stuart Gay
    So I have an XG firewall that is Authenticated with our 2 local AD Servers and was looking for some assistance with the below. 1. I did a migration to 2 new 2019 DCs last year and even though we kept the IPs the same, the names changed. Now for some…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Import Group Wizard hangs

    TrupiD
    TrupiD
    Hi, there is already discussion from 4 years ago (+) Import Group Wizard hangs at "Select AD groups to import" - Discussions - Sophos Firewall - Sophos Community that got solved. I have this exact problem also today on an XG 230 Appliance that…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Authentication

    Stuart James
    Stuart James
    I understand that using Kerberos is the new recommendation from Sophos to replace STAS so that nothing needs to be installed/configured on the DC's themselves. I've followed this document: https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SATC: Syntax of Option SatcExcludedUsers

    IT BLD
    IT BLD
    Hello Community, I configured some Terminalservers with Intercept X and SATC (Sophos Authentication for Thin client) and User Accounts are recognized and can be used in XGS3300 Firewall rules. So far so good! Now I wish to exclude some User Accounts…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos XGs MFA authentication with push notifications

    Ignas Butrimas
    Ignas Butrimas
    Hello, maybe are some way to setup MFA auth with Azure AD MFA with push notifications? I mean when connect to Sophos XGs (User portal, Admin portal, VPN) in your phone pop-up window in you MS Authenticator app in the phone and you need only to allow…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Captive Portal

    Derreck+254
    Derreck+254
    Hello. My client wants to tweak the behavior of his organization's captive portal. Currently, some devices after gaining access to the Wi-Fi aren't being redirected to the captive portal page. I performed a reboot of the firewall and all users were…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Authenticator App Not In Play Store

    Charlie Wirth
    Charlie Wirth
    I cannot find the Sophos Authenticator app in the Android Play Store. It was there a couple months ago. Where can I find this app to install it on a cell phone?
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • XG fails to join domain 18.5.5

    NTW Infrastructure
    NTW Infrastructure
    Hi all We are having trouble with a test instance of XG 18.5.5 in which we can not get it to join our domain. We are running some 18.5.1 devices which did not have any issues with joining a domain but 18.5.5 just does not play ball. We get the…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • default admin MFA QR code

    Bob Unangst
    Bob Unangst
    How do I generate a new QR Code for the default admin account? New phone so had to reload authenticator and lost existing devices. I have access to the web interface using another admini account but cannot seem to locate a way to generate a new QR code…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Network Agent Android

    Andreas Kossmann1
    Andreas Kossmann1
    Hi, i have a question. I have a Sophos Firewall at home. I have rules and Web Policys for special users, so i had installed the Sophos Network Agent on my smartphone. This is some time ago. Now i have a new rule. I need on other Android devices…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Can you change all user settings at once?

    Don Osi
    Don Osi
    I am trying to change all users' session setting to only 2 can i perform this process all at once or do it individually?
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: How to configure Multi-factor authentication and understanding the OTP timestep settings

    Vivek Jagad
    Vivek Jagad
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Enabling Multifactor Authentication…
    • over 1 year ago
    • Sophos Firewall
    • Recommended Reads
  • sophos XG retaining authentication details on an existing ip address.log on to captive portal

    Don Osi
    Don Osi
    sophos XG retaining authentication details on an existing ip address.log on to captive portal If i log in for the first time and after i get back into the office for the second day and i am giving an IP address it uses the existing authentication details…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
<>