So, I wanted to post a bit of a rant here regarding an undocumented change to RADIUS authentication after SFOS 20.0.0 that has broken my DUO MFA implementation. For years I have had my users added from AD and I was able to pull multiple groups through…

Hi all, I have a problem with - at the moment reportedly - two users. They can establish a VPN connection successfully and every works well. However after sometime the username information gets lost, i. e. the username field in the log is shown as empty…

Hi, Is there any option for ssl vpn user password will expire after specific days. Note:don't suggest AD.

Dear community, In our company, logging in to the domain will only be possible with a smart card and without entering a password in future. In our case, this is a Yubikey 5. Is there any way to integrate the SSL VPN clients via smartcard? Kind regards…

Hello, sice some days we have the problem that with some users (will be more and more) OTP auth is failing: -> oath_totp_validate() failed for tokenid xxxxxxxxxxxxxxxxxxxxxx with error The OTP is not valid - OTP was working fine all the time before issues…

Hi, I've got a question about AD/LDAPS integration. Here's a quick rundown of the situation: -I have a client with an XGS116 (SFOS 19.5.2 MR-2-Build624). -Employees are currently using the Remote access SSL VPN to log into an RDS server with the Sophos…

Hello everyone, We are running into an issue where the SSL VPN client will drop a connection and then cause a DUO lockout after sending multiple auth attempts. Has anybody found a way to use DUO for SSL (via DUO Radius Server) that will not continually…

Hello we are disbled NETBIOS / WINS for our Domain Network on client side. Since we did this we have problems to authentificate on our domaincontroller through VPN SSL. With VPN IPSsec all is fine. Also in LAN all is fine. Both, SSL and IPSec using the…

I notice that even though we only have 2 dc's, our failed password threshold is at 6 tries before locking but it seems people get locked out after only 1 failed attempt. is this manageable ? Thanks!

After updating to the version SFOS 19.5.3.652, users could not login to the VPN. Authorization is done on ESET's RADIUS server with OTP. The RADIUS server test will run correctly. There is an error in the log - failed to login to SSLVPN through RADIUS…

Good day Members, I trust you are well. We are trying to setup MFA for users to use with the VPN. We have Eset Secure authentication and would like to continue to use it as the MFA application. We currently have a Sophos xgs and are using the remote access…

We are currently facing an issue with our Sophos XG230 Firewall configuration related to LDAP user authentication and group assignment for SSL VPN profiles. Current Configuration: Firewall Model: XG230 Firmware: XG230 (SFOS 19.5.2 MR-2-Build624…

When is Sophos implementing Azure SAML support for the SSL VPN? It's already available in the user portal how long until we can configure this for the VPN, we are contemplating dumping Sophos and moving to something else to get this feature.

Hello, today we had a strange situation on SFOS 19.5.1: a VPN user logged in with wrong credentials several times. In the XG log this was shown as VPN auth failure in log as expected. SFOS does not log the client IP for failed logins anymore,…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Radius Validation Control…

hello, we need to use both ssl authentication with radius/mfa for admins and no mfa for normal users. ssl authentication servers are radius and AD. when i (admin user) connect to openvpn, i need to use mfa but if i wait without validating mfa, i…

I have xgs116 appliance and microsoft365 licenses. I would llike to config sslvpn ; with micrososft 365 license authentication to access on premise network. Please help to config

I have my XG set up with both local VPN users and 1 user (mine) authenticating via AD. I've imported the AD OU named Staff where this 1 user resides. I have a new employee coming on, so I created his domain account in the Staff OU. I then logged into…

Hello, we have an XGS 2100 (SFOS 19.0.1 MR-1 Build365).and we tried to configure (without luck) SSL Authentication using a Windows Server Radius. We always get "authentication failed" using "test connection" button (I know that pap must be enable…

I have an SSL certificate from GoDaddy that I am trying to import into the XG 230 firewall. It wants the private key in a .key format which GoDaddy is only giving me a .crt format. The certificate key is in .p7b format which works just fine it appears…

When will Sophos come out with Support for SAML? The majority of the players out there do support SAML2, why is Sophos dragging its feet.

How is it possible that Sophos is still not supporting Google Authenticator, Twilio Authy or any other more wide-scale used 2factor authentication apps? It is claiming to be RFC-compliant and stating that those apps are not? Or what is the problem…

Hello, Looking for guidance here with VPN and certificate authentication. We have a client that requires we implement certificate based secondary authentication for the VPN. We currently use LDAP authentication to AD and they want to use certificates…

https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/124501/3-ways-to-setup-xg-18-with-duo-2fa Using this information, I followed the setup for DUO authentication for XG AD Server, DUO LDAP client and server, and it works. But, it seems…

Hey all. I have setup Active Directory integration and everything seems to be working fine from that aspect. Users are able to login to the user portal using their active directory credentials but when they try VPN the credentials do not work. When…