• user cant login admin portal due to wrong 2fa

    Sophos User1175
    Sophos User1175
    hi all, a user of mine cant login the admin portal due to the number only being 30 sec instead of 45 sec, is there any cure for this please we have tried to get the "sophos authenticator" app from the play store but its no longer there, any other…
    • 9 days ago
    • Sophos Firewall
    • Discussions
  • SSL VPN 2FA options - or how to prompt for the OTP token?

    furicle
    furicle
    I'd like to roll out SSLVPN to some of our users, but the password concatenated with the OTP code is very awkward.... You can't save the password, and you can't easily use a password manager either. Is there some way or 3rd party software that will…
    • Answered
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • User member of multiple AD Groups - why not working for MFA / 2FA?

    LHerzog
    LHerzog
    We have AD synced Groups. We use them for FW Rule permissions, SSL VPN access and MFA control on the Firewall. Now we have this scenario: User XY is member of these groups: Group A (used for a firewall rule) Group B (all members of the company,…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • AD Accounts locked by brute force despite MFA & ACL rule

    Markus Quirmbach
    Markus Quirmbach
    Hello everyone, we have a XGS set up with SSL VPN, the VPN Portal, AD integration and MFA for every user. Currently we are facing brute force attacks on the VPN Portal. We tried to prevent those by setting up an ACL rule which is blocking countries…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • XGS3300 MFA for SSL VPN

    MM the Admin
    MM the Admin
    Hey, is there a possibility to set up MFA for SSL VPN on the XGS 3300? Maybe even a SAML authentication with the MS authenticator? Can't find any infos on that in the documentation, neither can i find an optiuon the the admin panel. Can anyone…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • OTP Issues with several users

    Quallensaft
    Quallensaft
    Hello, sice some days we have the problem that with some users (will be more and more) OTP auth is failing: -> oath_totp_validate() failed for tokenid xxxxxxxxxxxxxxxxxxxxxx with error The OTP is not valid - OTP was working fine all the time before issues…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Implementation of provisioning + OTP in Sophos Connect client

    seroal
    seroal
    Hi there, I´m refering to this thread: Unsatisfactory implementation of provisioning + OTP in Sophos Connect client Is it still not possible to SETUP OTP during first Sophos Connect Login? Is it still necessary to have all users connecting to…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Citrix Netscaler 2FA Not Working with Sophos XG Web Server Protection

    cromwell uy
    cromwell uy
    As with our current Sophos XGS Firewall Rules and Policies configurations, the Citrix Netscaler 2FA authentication is working. We started planning of using the Sophos XG Firewall Web Server Protection. The license required were purchased and registered…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Separate MFA field for admin portal login

    J_87586
    J_87586
    Hello, I use a password manager, 1Password, to fill my login credentials for the Sophos Firewall admin login page. I have MFA enabled for the admin users, which requires me to add an MFA code each time I login. This is great, and as expected. However…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • MFA OTP Users and groups

    Sophos User3521
    Sophos User3521
    I have a XGS2100 and have a query, I have created a new group in the ad and assigned users to it, then I went to remote access vpn>ssl and greated the group there also. My query is that I cannot find that group when I search for it. Any ideas why…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • enable 2FA with local administrators

    mohammed kassouat
    mohammed kassouat
    Hi team, I'm reaching out regarding an issue I'm encountering while setting up Multi-Factor Authentication (MFA) with tokens on our Sophos Firewall. I have three administrators on the firewall. I've enabled the "Generate OTP token with next sign…
    • Answered
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • disable MFA for captive portal

    ce_Sophos
    ce_Sophos
    Referring to this thread discussion. MFA on web authentication When this setting is used, MFA is not prompted for client VPN users. VPN users can login with username and password only. No MFA required. When "No OTP" is changed to "Specific Groups…
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • User Duo lockout SSLVPN

    Lance Ecklesdafer
    Lance Ecklesdafer
    Hello everyone, We are running into an issue where the SSL VPN client will drop a connection and then cause a DUO lockout after sending multiple auth attempts. Has anybody found a way to use DUO for SSL (via DUO Radius Server) that will not continually…
    • Answered
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Connect: MFA box parameter in .ovpn files?

    Quallensaft
    Quallensaft
    Is there any way to activate the MFA box at login in Sophos Connect direct in a .ovpn config (no provisioning)? I guess with provisioning the firewall will also only create a .ovpn config with a parameter for MFA. client dev tun proto udp verify-x509…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Limit NON MFA ssl vpn access to specific public ip

    Matteo Vinti
    Matteo Vinti
    Hello everyone, I searched the forum if there is a way to limit SSL VPN access to a specific Public Ip Address but it seems to me that You cannot do it. I see that when You create a Group or a User there is a section called "Limit access" that lets…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Possible bug SFOS 19.5.3 MR-3, random OTP timing leads to login error

    SenorChang
    SenorChang
    Hello, i'd like to report a possible bug without to make a case. We're using SFOS 19.5.3 MR-3, and tried to activate MFA for VPN or the userportal. Of five users, we had always two people who had problems with a OTP timestamp of more than 30 sec …
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS MFA OTP scan QR Code Loop

    VTH
    VTH
    Hello, we use a XGS 2300 SFOS 19.5.3 MR-3-Build652 and I activated MFA for my account. When I login I can scan the QR code and I can see that a token is generated but everytime I log in it says that the QR code is unused and I should scan it again…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Unblock IP that had to many failed login attempts

    Sophos User5928
    Sophos User5928
    We have activated the blocking function when someone had too many failed logins. While this is quite useful to block unwanted third-party login attempts, we sometimes have our own VPN users which fail to enter their password correctly or the TOTP. Is…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • How to enable Sophos Connect using the CLI with an OTP?

    ff9394611
    ff9394611
    Hello there, I am trying to connect to the VPN using the command line "sccli". When there no One Time Password, it works without a problem. But when OTP is active, I can't seem to get it done. I came across this post that says to use {PASSWORD}{TIMEOTP…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Sophos SSLVPN and DUO

    Richard Hamblin
    Richard Hamblin
    Hi everyone, I have Sophos SSLVPN working with DUO tokens. The user types in their password adds a comma and then token number. What I would like to do is use the provisioning file to add a seperate input box to add the duo token number. It just makes…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Why this Password didn't work for Userportal & AD

    dirkkotte
    dirkkotte
    Hi all, we run into problems authenticating on userportal with AD-user account Password AA#bb#123456 didn't work XX.yy.111111 didn't work too but this works ... 111111.XX.yy There is no otp-token for the user until now. This should be created…
    • Answered
    • over 1 year ago
    • UTM Firewall
    • General Discussion
  • iOS Built-In VPN mit Multifaktor-Authentisierung

    gian duri calonder
    gian duri calonder
    Hallo Kann man irgendwie den im iOS eingebauten Client nutzen um sich über IPSec ins Sophos Firewall-Netzwerk zu verbinden, jedoch mit aktiver Multifaktor--Authentisierung? Derzeit ist IPSec mit MFA eingerichtet, das würde ich gerne auf die Smartphones…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • Disable auto reconnect for VPNs with Sophos Connect

    Martin Choy
    Martin Choy
    Hi peoples, So maybe i'm doing this wrong... im currently testing 2FA for VPN users. We are using the Sophos Connect client with IPSec into an XGS 116. Currently using DUO for the 2FA. Everything is connecting up fine, but i want to enable the option…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos OTP token need to sync after reboot

    Lee Jiaze
    Lee Jiaze
    Hi Everyone, I have a query here, is it we need to sync the otp token when the Sophos XG is done reboot?
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • MFA Hardware Token lassen sich nicht benutzen- Teil 2

    Jimmy Ertan
    Jimmy Ertan
    Hallo Allerseits, wie schon im gleichnamigen Thread schon angesprochen wurde, haben wir auch das selbe Problem. MFA Hardware Token lassen sich nicht benutzen - German Forum - Sophos Firewall - Sophos Community Eine Antwort, wir sollen 128 Bit SHA…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
>