Hi,
Running SFOS 20.0.1-MR1, have setup Azure/Entra ID for SSO
I can:
- Use the test button under the Entra account, it shows grren.
- I can connect and import groups into the firewall from Entra
- I can sign into the firewall
I cannot…
Hey all,
I have a question that seems to not be addressed in any other related community forum I could find.
I have two DCs, one of them being the Primary DC and the other being the Backup DC. Both DCs are replicating changes to each other. In the…
Hi,
I have Sophos home deployed in our network, with AD groups synced-in from AD server for user-based internet access.
For a month or so now, when any users changes their domain user password, SSO (single sign on) does not work for them and they…
Hi,
My client already use a radius server for authenticated they users. Actually, only the switch contact the radius.
I would like to do the following but I don't know if it's possible: Est-il possible de configurer le portail VPN pour que l'utilisateur…
Hey,
we have been using an ldap connection to sync usrs from our local AD to our XGS appliance.
Since we're migrating, we have changed the UPN and mailaddresses of all users in our AD.
Sadly sophos doesn't get that, therefore rules that match…
Guten Morgen zusammen,
wir versuchen die AD User mit unserer Sophos XGS zu syncronisieren.
Ziel ist es, die User die sich am TS anmelden auch auf der FW zu sehen, damit wir die Aktivitäten überwachen können.
Was wir gemacht haben:
https:/…
Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
UPN
Configuration
Active…
My WiFi access points are connected through XG135 firewall capitive portal by creating user credentials. All the users are getting " this net work is untrusted/unsafe" message. What could be the reason
Hello,
I have done a setup with a clsuet of 3300 appliances.
For authentication I have configured an active directory domain controler, joined the domain, imported the groups and activated AD SSO on the zones.
In Auth-Log the NTLM and Kerberos channel…
Hi We have a guest Wi-Fi allowing guest users the ability to login to a hotspot (password of the day) and access the internet. Is there a way to capture a username before they have access to the internet.
I don't particularly want to have to create…
Hello,
We use SSO AD Authentication (Windows Server 2022) for web clients in standard proxy mode and it works.
As far as I know, for the XGS to join the AD, NTLM and SMB are required to works.
Now we're in the process of hardening our AD and want…
Good day,
Sophos Captive portal has been enabled at our site and works but we noticed that if users move around the premises and roam to a different access point, they would have to reauthenticate using the captive portal. I had even set the signout…
Das synchronized User ID Feature unter Windows ist wirklich super.
Es wäre toll, wenn es das auch für MacOS geben würde und man für die Authentifizierung im lokalen Netzwerk nicht den Sophos Authentication Client benötigen würde.
Hello,
I use a password manager, 1Password, to fill my login credentials for the Sophos Firewall admin login page. I have MFA enabled for the admin users, which requires me to add an MFA code each time I login. This is great, and as expected. However…
Hello, we have a single remote user at our organization using the Remote SSL VPN group. We do not use AD to sync passwords or anything. they are just set by the Admin. He emailed me today saying that his password expired, and he can log-in to the VPN…
Dear,
I would like some help on how I can do this or if there is a way to do something in the following case:
We have a client where his firewall is linked to AD, within his internal network, there are some employees who have access to VPN when they…
Dear Community,
i’m forced with tracking some users behavior, especially if and which private sites they access from their company PC (i.e. youtube, etc.)
I stumbled upon some problems though.
My general understanding is, that the first thing to…
Hi there,
I’ve configured WAF for an Exchange Server 2019 according to this guide:
https://www.frankysweb.de/sophos-utm-9-4-waf-und-exchange-2016-ohne-rpcoverhttp/
OWA and ActiveSync works fine but I have trouble getting Outlook Anywhere working…
Hi there,
I found a four years entry here in the forums where somebody asked why a member of the protected users group in active directory is not able to login to webadmin of the Sophos XG. This issue seems still to be existing.
The protected users…
Hello
Our client wants to limit access to his network, We installed and configured Sophos XGS2300 with web authentication, and the network has 3 VLANs . the challenge is that each time users roam out of the network, it requires them to sign in again…
Hi Sophos community,
I'm having a issue for my Wireless router. I have created two rules:
1. Rule 1 for AD users to WAN In the above rule internet is allowed once user is authenticated via AD. Everything is working fine.
2. Rule 2 for Wifi router…
Hi, can anyone point me in the right direction on how i can setup Google LDAP on the Sophos Firewall for user login and identification? I have setup the LDAP on the Google Workspace, but i need to how to map the fields to Sophos
Thanks
Anto
Hi team,
I'm reaching out regarding an issue I'm encountering while setting up Multi-Factor Authentication (MFA) with tokens on our Sophos Firewall.
I have three administrators on the firewall.
I've enabled the "Generate OTP token with next sign…
Referring to this thread discussion. MFA on web authentication
When this setting is used, MFA is not prompted for client VPN users. VPN users can login with username and password only. No MFA required.
When "No OTP" is changed to "Specific Groups…
Hello everyone,
We are running into an issue where the SSL VPN client will drop a connection and then cause a DUO lockout after sending multiple auth attempts.
Has anybody found a way to use DUO for SSL (via DUO Radius Server) that will not continually…