• SSL VPN with and without radius/mfa

    Louis D
    Louis D
    hello, we need to use both ssl authentication with radius/mfa for admins and no mfa for normal users. ssl authentication servers are radius and AD. when i (admin user) connect to openvpn, i need to use mfa but if i wait without validating mfa, i…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos XGs MFA authentication with push notifications

    Ignas Butrimas
    Ignas Butrimas
    Hello, maybe are some way to setup MFA auth with Azure AD MFA with push notifications? I mean when connect to Sophos XGs (User portal, Admin portal, VPN) in your phone pop-up window in you MS Authenticator app in the phone and you need only to allow…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • default admin MFA QR code

    Bob Unangst
    Bob Unangst
    How do I generate a new QR Code for the default admin account? New phone so had to reload authenticator and lost existing devices. I have access to the web interface using another admini account but cannot seem to locate a way to generate a new QR code…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: How to configure Multi-factor authentication and understanding the OTP timestep settings

    Vivek Jagad
    Vivek Jagad
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Enabling Multifactor Authentication…
    • over 1 year ago
    • Sophos Firewall
    • Recommended Reads
  • Sophos SSL-VPN with MFA client password save

    Niels Wijdenes1
    Niels Wijdenes1
    Hello, Recently I have rolled out SSL-VPN solutions for several clients, all of them are complaining about the inability to save their passwords and state that the Sophos client is very user-unfriendly. I agree in this and want a solution. MFA is…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG 19.5 otp field

    Bart van der Horst
    Bart van der Horst
    Hi, Is it possible put an otp field in the weblogon pages (admin & users)? Kind regards Bart
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: Using Azure MFA for SSL VPN and User portal

    twister5800
    twister5800
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Radius Validation Control…
    • over 4 years ago
    • Sophos Firewall
    • Recommended Reads
  • Generate OTP token with next sign-in

    Jae
    Jae
    Hi, I recently upgraded to SFOS 17 to 19.0.1 MR-1 and I used to have access to the user's QR codes as admin. This was handy with remote users when they got new phones or lost their phone I could easily add the OTP token back to their new phone. I understand…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Change OTP token's user via API

    Ondřej Valentík
    Ondřej Valentík
    Hello, I want to change users of all OTP tokens on all of our firewalls because of domain change. Users with new domain already exists on the firewalls and I can change them manually via web GUI, but as we are talking about hundreds of tokens here,…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG and Duo MFA not working properly, new setup

    Josh Lawrie
    Josh Lawrie
    I am facing an issue with setting up Duo for the Sophos XG firewall. I know Sophos has not built out their dedicated API to work with Duo yet (need to resort to using Sophos UTM application protection in Duo), but I have confirmed that this is working…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Do my NTP settings make a difference when authenticating via SSL VPN with MFA?

    newbie_IT
    newbie_IT
    Hello everyone, I apologize ahead of time in case none of this makes sense. I'll start with some background info. We implemented MFA not too long ago on our SSL VPN connections. Our Sophos XG is configured to use AD credentials to authenticate.…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • 2FA with AD-Groups

    LHerzog
    LHerzog
    Hi, we have turned on 2FA for all our users for VPN and userportal. Currently each user has been added individually to "Multi-factor authentication (MFA) settings". By doing this we were most flexible. So far so good. Now we want to switch…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • 2FA + CAA on Linux or MacOS clients - poor usability

    LHerzog
    LHerzog
    Hello, we have Linux with Sophos Antivirus and MacOS Clients with Intercept X installed. On the firewall we have many rules with userauthentication (and heartbeat) required. We enabled 2FA for many users to secure our SSL VPN. The users are required to…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Has Anyone Successfully setup MFA on their SSL VPN using a third party that can send push notifications instead of appending a password?

    LRJadmin
    LRJadmin
    We are in the stages of rolling out MFA on every connection possible with our clients, and the last step is the Sophos SSL VPN we use in conjunction with our XG firewalls and our identity provider OKTA. We have been looking to implement this for some…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • One account, one password with MFA on different phones

    stephang_01
    stephang_01
    I have two independent users that use the same login and password. One of the users has installed the MFA QR code. I would like for the other user to have his own Authenticator. Is this possible?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How do we prevent Sophos Connect with MFA on Users from retrying once the tiemout has passed?

    John Skadowski1
    John Skadowski1
    Hello Sophos Community, We purchased the Sophos XG series to replace our use of Cisco ASA firewalls. We've been generally satisfied with the change. However, the last remanant to repplace the ASA completely is User VPN access. The Cisco AnyConnect…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IKE VPN, AzureAD MFA, RADIUS, and Sophos Connect

    Marcel du Preez
    Marcel du Preez
    Hi I've configured AzureAD authentication, with MFA, through a RADIUS server and Windows Server NPS role (mostly thanks to this article: Sophos XG: Using Azure MFA for SSL VPN and User portal - Recommended Reads - Sophos Firewall - Sophos Community…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • how to temporarily disable 2FA requirement for one user?

    LHerzog
    LHerzog
    Hi, in case a user forgot the token generator / smartphone at home. Is there a better way than to remove a user from Authentication / Multi-factor authentication (MFA) settings? Imagine you set One-time password (OTP) required for: All users…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG SSL VPN and Native AAD

    RobB @ SK
    RobB @ SK
    Hi, I'm getting some pushback from management about having to sustain the ADDS option purely for VPN access with the XG units. Can anyone in Sophos shine a light at all on when we're going to see native AAD support for access control and MFA? Yes…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • ssl vpn multi factor authentication (mfa) in two steps

    Sophos22
    Sophos22
    is it possible to have ssl vpn (remote access) with multi factor authentication in two steps? this means a further step in authentication process asking for otp? background: we would like to save user password in vpn client and only ask for otp each…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Reissue MFA Token for a user after a new mobile phone and authenticator

    Fred_B
    Fred_B
    Sophos MFA secret keys are not restored when restoring a backup profile to a new mobile phone. In the past as XG administrator I could see the token and help the user to add it again to his phone. That is now no longer possible as I need a OTP to see…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to turn off MFA for User Portal while Generate OTP token with next sign-in is still ON?

    Nur Sakibul Huda
    Nur Sakibul Huda
    Hi. We are interested in turning on Multi-factor authentication (MFA) settings for SSL VPN Remote Access. But whenever we turn it on, the OTP for User Portal is also turned on automatically and is greyed out. So we can't turn it off unless we turn off…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • 2FA-Token (OTP) for IPSec-RemoteAccess without SophosConnect Client

    nils50122
    nils50122
    Hello, we have the following problem. We need to ensure remote access for an external support company. For those 24/7 remote access we need mandatory any type of two factor authentication in IPSec. For internal home-office remoteaccess clients…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • MFA - Can't scan QR

    Stuart James
    Stuart James
    Doesn't seem to be an option for "Can't scan QR code" which normally gives you a code you can enter to Authentication app to add manually. Even Microsoft has this ability on 365. Can this be added?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Turning off MFA

    David Harrison1
    David Harrison1
    Hi all, I've leaving my current company in a few weeks, (and they don't have a replacement tech. just yet) I've been in to my two firewalls and disabled the MFA (OTP), so the next person can setup their own authenticator app when they start. Now…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
<>