Hallo Zusammen FW Version: 18.0.4 MR-4 Web Authentication: Kerberos & NTLM (Ich habe auch schon nur NTLM probiert) Also ich habe SSO versucht mit folgender Anleitung zu aktieren: Wie man Kerberos-Authentifizierung aktiviert (sophos.com) Die LDAP…

Hello Community we have a strange behaviour at our xg 135, maybe you know something here. We’re doing this with a fully domain-joined windows 10 client with internal dns-servers and dhcp-adress an absolutely standalone windows 10 client with…

Hi all, We are migrating from a UTM to XG. XG is AD-integrated. My pilot users keep getting a 'This site can’t be reached' page, at address sxg.domain.local:8091/ntlmauth.html browsing, for example, to bbc.co.uk. Not always - sometimes it works, sometimes…

Hello everybody, I get a lot of reports on my Sophos about AD SSO errors. How can I fix this problem? Many Thanks

Deploying XG and trying hard to implement authentication using Kerberos/NTLM auth, but I find it to be very frustrating and causing internal traffic to be blocked. Considering switching to STAS. Anyone have experience implementing either/both on a 'standard…

I am troubleshooting AD single sign-on with my XG Firewall V18 MR3 I have found this in the help section, please can someone explain what the Firewall Rule mentioned in the Red Box in the screenshot below should consist of? I have no rules which allow…

Hello, Until now we used AD-SSO and it worked. Now we're in the process of hardening our AD and want to disable NTLM as far as possible. Since the UPM uses NTLMv2 for SSO that's a problem. Of course we can define an exception to still allow NTLMv2…

Hi, I recently deploy a cluster of XG330 with SFOS 17.0.6 MR-6 and the Authentication for WebFilter give me some problems. I have > 280 A/D Users, all is OK, but 2 users have a problem, they will not be authenticated and instead of the username on…

Dear, i am getting this error recently in log viewer. Cannot establish NTLM authentication channel with EMEQ SSO is working fine. Log Comp Status User Name IP Address …

Hello, recently I stumbled into an issue, that new clients would not connect to our RDWeb server through RemoteApp- and desktop connections. As they are able to connect using the internal FQDN, but not using the external domain name throwing an 401…

Dear, i am getting this error recently in log viewer. Cannot establish NTLM authentication channel with EMEQ SSO is working fine. Log Comp Status User Name IP Address Auth…

Hello everyone. I require your help with a concern that a client poses to me for which this is something reasio to mount the STAS on your domain controller to do SSO. The client asks us for a different method to do SSO, says that for them mount some…

As I hope everyone knows by now, Microsoft is strongly urging everyone to disable SMB1 on all Windows computers. Imagine my surprise to see, after disabling it, that the XG log viewer filled up with "Cannot establish NTLM authentication channel with Domain…

We can achieve AD user authentication in XG two way NTLM and STAS. My question is which method is best? Thanks Iffi

Hi all, I wonder if anyone here is having a problem with NTLM authentication problem for Firefox 52.1.1 ESR and Sophos UTM running transparent mode? We recently pushed out Firefox ESR version 52.1.1 update to a test group and they are all having the…

i'm trying to authenticate using NTLM but i get the following error Log viewer: Cannot establish NTLM authentication channel with genius and tail -f nasm.log '/oss/net' exited with invalid status 255 Apr 29 21:40:41.597689 [nasm…

Subject says it all; if you enable the STAS system for SSO, should you disable NTLM authentication? I am seeing what appears to be collision caused by having them both enabled, I see the SSO client get logged out by the firewall whenever the NTLM login…

Hello I Have a Sophos XG210 firewall with 16.05.1 MR-1 firmware, i have configured AD Server for uses authentification, and activated NTLM in device access on LAN , but when user open new windows session it's prompted do longin again when openning…

Hi all, We have CR100ING at a customer site (with sophos fw:16.05.0.GA). We are experincing problem. Active Directory sync is working without a problem on Ethernet. Users can go online with SSO authentication. When same user disconnects from Ethernet…