• Entra ID SSO

    twister5800
    twister5800
    Hi, Running SFOS 20.0.1-MR1, have setup Azure/Entra ID for SSO I can: - Use the test button under the Entra account, it shows grren. - I can connect and import groups into the firewall from Entra - I can sign into the firewall I cannot…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS Setting up LDAPS for authentication (Port 636) with Two DCs

    Rachel Salvadeo
    Rachel Salvadeo
    Hey all, I have a question that seems to not be addressed in any other related community forum I could find. I have two DCs, one of them being the Primary DC and the other being the Backup DC. Both DCs are replicating changes to each other. In the…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • sophos xg home to AD password/group synchronization

    Moeed Aziz
    Moeed Aziz
    Hi, I have Sophos home deployed in our network, with AD groups synced-in from AD server for user-based internet access. For a month or so now, when any users changes their domain user password, SSO (single sign on) does not work for them and they…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • SSO RADIUS for vpn portal & vpn connect client

    Mathieu Rojo
    Mathieu Rojo
    Hi, My client already use a radius server for authenticated they users. Actually, only the switch contact the radius. I would like to do the following but I don't know if it's possible: Est-il possible de configurer le portail VPN pour que l'utilisateur…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • LDAP AD Sync - force new sync

    MM the Admin
    MM the Admin
    Hey, we have been using an ldap connection to sync usrs from our local AD to our XGS appliance. Since we're migrating, we have changed the UPN and mailaddresses of all users in our AD. Sadly sophos doesn't get that, therefore rules that match…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Windows Terminal Server User Syncronisation

    ChrisV
    ChrisV
    Guten Morgen zusammen, wir versuchen die AD User mit unserer Sophos XGS zu syncronisieren. Ziel ist es, die User die sich am TS anmelden auch auf der FW zu sehen, damit wir die Aktivitäten überwachen können. Was wir gemacht haben: https:/…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • German Forum
  • Sophos Firewall: Authentication Multi UPN configuration

    GiuseppeI
    GiuseppeI
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview UPN Configuration Active…
    • 6 months ago
    • Sophos Firewall
    • Recommended Reads
  • Firewall

    KYM
    KYM
    My WiFi access points are connected through XG135 firewall capitive portal by creating user credentials. All the users are getting " this net work is untrusted/unsafe" message. What could be the reason
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • AD SSO over Kerberos not working

    Brazzo
    Brazzo
    Hello, I have done a setup with a clsuet of 3300 appliances. For authentication I have configured an active directory domain controler, joined the domain, imported the groups and activated AD SSO on the zones. In Auth-Log the NTLM and Kerberos channel…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Guest Hotspot - Is there anyway to capture or enforce a username ?

    SimonGoode
    SimonGoode
    Hi We have a guest Wi-Fi allowing guest users the ability to login to a hotspot (password of the day) and access the internet. Is there a way to capture a username before they have access to the internet. I don't particularly want to have to create…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • NTLMv1 and SMBv1 still required for AD SSO on XGS6500 with 19.5.4 SFOS ?

    CiroDanise
    CiroDanise
    Hello, We use SSO AD Authentication (Windows Server 2022) for web clients in standard proxy mode and it works. As far as I know, for the XGS to join the AD, NTLM and SMB are required to works. Now we're in the process of hardening our AD and want…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Captive Portal re-authenticating users when roaming to different Unifi Access Points

    Temidayo Abayomi-Zannu
    Temidayo Abayomi-Zannu
    Good day, Sophos Captive portal has been enabled at our site and works but we noticed that if users move around the premises and roam to a different access point, they would have to reauthenticate using the captive portal. I had even set the signout…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Feature Request: Synchronized User ID Authentication for MacOS

    Janek Meyer
    Janek Meyer
    Das synchronized User ID Feature unter Windows ist wirklich super. Es wäre toll, wenn es das auch für MacOS geben würde und man für die Authentifizierung im lokalen Netzwerk nicht den Sophos Authentication Client benötigen würde.
    • 6 months ago
    • Sophos Firewall
    • German Forum
  • Separate MFA field for admin portal login

    J_87586
    J_87586
    Hello, I use a password manager, 1Password, to fill my login credentials for the Sophos Firewall admin login page. I have MFA enabled for the admin users, which requires me to add an MFA code each time I login. This is great, and as expected. However…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Connect VPN password expired... not using AD for authentication

    Alex Glasener
    Alex Glasener
    Hello, we have a single remote user at our organization using the Remote SSL VPN group. We do not use AD to sync passwords or anything. they are just set by the Admin. He emailed me today saying that his password expired, and he can log-in to the VPN…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Sync with AD

    Vânesson Santos
    Vânesson Santos
    Dear, I would like some help on how I can do this or if there is a way to do something in the following case: We have a client where his firewall is linked to AD, within his internal network, there are some employees who have access to VPN when they…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Troubles with tracking activities of a user

    ThoFe
    ThoFe
    Dear Community, i’m forced with tracking some users behavior, especially if and which private sites they access from their company PC (i.e. youtube, etc.) I stumbled upon some problems though. My general understanding is, that the first thing to…
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • UTM 9 WAF Outlook Anywhere login failed

    Olli-204
    Olli-204
    Hi there, I’ve configured WAF for an Exchange Server 2019 according to this guide: https://www.frankysweb.de/sophos-utm-9-4-waf-und-exchange-2016-ohne-rpcoverhttp/ OWA and ActiveSync works fine but I have trouble getting Outlook Anywhere working…
    • 7 months ago
    • UTM Firewall
    • Web Server Security
  • Member of Active Directory Protected Users Group: No Webadmin login possible

    Jürgen Walterscheidt
    Jürgen Walterscheidt
    Hi there, I found a four years entry here in the forums where somebody asked why a member of the protected users group in active directory is not able to login to webadmin of the Sophos XG. This issue seems still to be existing. The protected users…
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • SOPHOS NETWORK CLIENT AUTHENTICATION

    TimothyWanume
    TimothyWanume
    Hello Our client wants to limit access to his network, We installed and configured Sophos XGS2300 with web authentication, and the network has 3 VLANs . the challenge is that each time users roam out of the network, it requires them to sign in again…
    • Answered
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • Wifi Router internet goes down if a AD user tries to access internet via a WIFI router whose IP address is added to the Firewall rule allowed list

    Muhammad Safdar
    Muhammad Safdar
    Hi Sophos community, I'm having a issue for my Wireless router. I have created two rules: 1. Rule 1 for AD users to WAN In the above rule internet is allowed once user is authenticated via AD. Everything is working fine. 2. Rule 2 for Wifi router…
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • Setting up Google LDAP

    Antony Rappai
    Antony Rappai
    Hi, can anyone point me in the right direction on how i can setup Google LDAP on the Sophos Firewall for user login and identification? I have setup the LDAP on the Google Workspace, but i need to how to map the fields to Sophos Thanks Anto
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • enable 2FA with local administrators

    mohammed kassouat
    mohammed kassouat
    Hi team, I'm reaching out regarding an issue I'm encountering while setting up Multi-Factor Authentication (MFA) with tokens on our Sophos Firewall. I have three administrators on the firewall. I've enabled the "Generate OTP token with next sign…
    • Answered
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • disable MFA for captive portal

    ce_Sophos
    ce_Sophos
    Referring to this thread discussion. MFA on web authentication When this setting is used, MFA is not prompted for client VPN users. VPN users can login with username and password only. No MFA required. When "No OTP" is changed to "Specific Groups…
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • User Duo lockout SSLVPN

    Lance Ecklesdafer
    Lance Ecklesdafer
    Hello everyone, We are running into an issue where the SSL VPN client will drop a connection and then cause a DUO lockout after sending multiple auth attempts. Has anybody found a way to use DUO for SSL (via DUO Radius Server) that will not continually…
    • Answered
    • 8 months ago
    • Sophos Firewall
    • Discussions
<>