hello,
we need to use both ssl authentication with radius/mfa for admins and no mfa for normal users.
ssl authentication servers are radius and AD.
when i (admin user) connect to openvpn, i need to use mfa but if i wait without validating mfa, i…
Hello,
maybe are some way to setup MFA auth with Azure AD MFA with push notifications? I mean when connect to Sophos XGs (User portal, Admin portal, VPN) in your phone pop-up window in you MS Authenticator app in the phone and you need only to allow…
How do I generate a new QR Code for the default admin account? New phone so had to reload authenticator and lost existing devices. I have access to the web interface using another admini account but cannot seem to locate a way to generate a new QR code…
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
Enabling Multifactor Authentication…
Hello,
Recently I have rolled out SSL-VPN solutions for several clients, all of them are complaining about the inability to save their passwords and state that the Sophos client is very user-unfriendly. I agree in this and want a solution.
MFA is…
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
Radius Validation
Control…
Hi,
I recently upgraded to SFOS 17 to 19.0.1 MR-1 and I used to have access to the user's QR codes as admin. This was handy with remote users when they got new phones or lost their phone I could easily add the OTP token back to their new phone. I understand…
Hello,
I want to change users of all OTP tokens on all of our firewalls because of domain change. Users with new domain already exists on the firewalls and I can change them manually via web GUI, but as we are talking about hundreds of tokens here,…
I am facing an issue with setting up Duo for the Sophos XG firewall. I know Sophos has not built out their dedicated API to work with Duo yet (need to resort to using Sophos UTM application protection in Duo), but I have confirmed that this is working…
Hello everyone,
I apologize ahead of time in case none of this makes sense. I'll start with some background info.
We implemented MFA not too long ago on our SSL VPN connections. Our Sophos XG is configured to use AD credentials to authenticate.…
Hi,
we have turned on 2FA for all our users for VPN and userportal.
Currently each user has been added individually to "Multi-factor authentication (MFA) settings".
By doing this we were most flexible. So far so good.
Now we want to switch…
Hello, we have Linux with Sophos Antivirus and MacOS Clients with Intercept X installed. On the firewall we have many rules with userauthentication (and heartbeat) required. We enabled 2FA for many users to secure our SSL VPN. The users are required to…
We are in the stages of rolling out MFA on every connection possible with our clients, and the last step is the Sophos SSL VPN we use in conjunction with our XG firewalls and our identity provider OKTA. We have been looking to implement this for some…
I have two independent users that use the same login and password. One of the users has installed the MFA QR code. I would like for the other user to have his own Authenticator. Is this possible?
Hello Sophos Community,
We purchased the Sophos XG series to replace our use of Cisco ASA firewalls. We've been generally satisfied with the change. However, the last remanant to repplace the ASA completely is User VPN access.
The Cisco AnyConnect…
Hi
I've configured AzureAD authentication, with MFA, through a RADIUS server and Windows Server NPS role (mostly thanks to this article: Sophos XG: Using Azure MFA for SSL VPN and User portal - Recommended Reads - Sophos Firewall - Sophos Community…
Hi,
in case a user forgot the token generator / smartphone at home.
Is there a better way than to remove a user from Authentication / Multi-factor authentication (MFA) settings?
Imagine you set
One-time password (OTP)
required for: All users…
Hi,
I'm getting some pushback from management about having to sustain the ADDS option purely for VPN access with the XG units. Can anyone in Sophos shine a light at all on when we're going to see native AAD support for access control and MFA?
Yes…
is it possible to have ssl vpn (remote access) with multi factor authentication in two steps?
this means a further step in authentication process asking for otp?
background: we would like to save user password in vpn client and only ask for otp each…
Sophos MFA secret keys are not restored when restoring a backup profile to a new mobile phone.
In the past as XG administrator I could see the token and help the user to add it again to his phone. That is now no longer possible as I need a OTP to see…
Hi. We are interested in turning on Multi-factor authentication (MFA) settings for SSL VPN Remote Access. But whenever we turn it on, the OTP for User Portal is also turned on automatically and is greyed out. So we can't turn it off unless we turn off…
Hello,
we have the following problem.
We need to ensure remote access for an external support company. For those 24/7 remote access we need mandatory any type of two factor authentication in IPSec.
For internal home-office remoteaccess clients…
Doesn't seem to be an option for "Can't scan QR code" which normally gives you a code you can enter to Authentication app to add manually. Even Microsoft has this ability on 365. Can this be added?
Hi all,
I've leaving my current company in a few weeks, (and they don't have a replacement tech. just yet)
I've been in to my two firewalls and disabled the MFA (OTP), so the next person can setup their own authenticator app when they start.
Now…