XG Firewall SFOS 18.0.4 MR-4 We are using the XG as Web Proxy for approx. 1000 users. Its setup to authenticate against AD Servers using Kerberos and NTLM This works absolutely fine for the majority if users but we have roughly 75 users it fails on…

HI community I am using SSO , i have followed all the instruction on this website https://support.sophos.com/support/s/article/KB-000035732?language=en_US , but when i try to swap to the new rule i created specificaly for SSO with the option [ Match known…

We have just started setting up our XG firewall, and I was looking into the Chromebook SSO. In the manuals it states that the AD domain has to be the same as your Google Suite email domain. I am wondering if there is a way around this or if as long as…

I am setting up Sophos XG Wireless for the first time, and having some trouble with Radius. I have a ticket open with Sophos support, but wanted to reach out to the community to get their take on the issue. I followed the instructions by Sophos for setting…

I am troubleshooting AD single sign-on with my XG Firewall V18 MR3 I have found this in the help section, please can someone explain what the Firewall Rule mentioned in the Red Box in the screenshot below should consist of? I have no rules which allow…

Hi All, In our network, we installed the STAS (Version 2.2.3.0) client to the Domain Controller with less than 100 users previously the log off detection settings are enabled and suggested by our provider support to disable this and enable from the…

Hi, I found that STAS is not working properly on Domain Controllers with multiple network interfaces attached (subnets). (nic#1 - 192.168.0.10/24) <DC> (nic#2 - 10.17.12.10/24) nic#1 is used for networking and nic#2 is used for iscsi for an example…

Hi Community, Please be aware that one of the latest Microsoft cumulative updates may trigger problems when using SSO authentication (such as the one we use for UTM/XG and Web appliances). Refreshing the page should allow customers to continue the…

Hi Community, Please be aware that one of the latest Microsoft cumulative updates may trigger problems when using SSO authentication (such as the one we use for UTM/XG and Web appliances). Refreshing the page should allow customers to continue the…

Currently have a XG unit installed and using LDAP server to authenticate users through STAS. Each time a user goes online, the username on the log is the service account. Looking through the STAS logs and I see that the user is changed each time. Any…

Hi, I'm having trouble creating rules by Active Directory user group. I installed SSO Suite correctly on the server, added it as a collector in SOPHOS, and did import some groups. However, when I create rules with imported groups, I realize that there…

Hi, This question surged on a designing process of a solution where the final customer already have a SSO agent on the AD, they want to ask if the installation of a second SSO agent on the same server can cause issues with the one that is already active…

Hello community, I was deploying a XG Firewall in an environment and I was asked about using multiple AD groups for web filtering in the web policies/firewall rules. I saw in some threads and also in this KB that XG maps the user in a top-down approach…

I wish to add My Active Directory Domain Server as an Authentication Source, I would like to know once i activate authentication from AD, what happens to my WiFi access Points and WiFi users? Will XG treat my Access Point and WiFi Users as Unauthenticated…

This Knowledge Base Article covers the steps for implementing client-based SSO with AD integration for Windows. The article is broken down as follows: Pre-Requisites Download of SSO Client Configuration settings How to upgrade an existing…

This recent Knowledge Base Article provides step-by-step instructions on how to setup our Sophos Transparent Authentication Suite in an environment with a single Active Directory Domain Controller. The following topics are covered: Sophos Clientless…

Hi all, I have a testcase, I integrated AD with Sophos XG and use STAS. I configured user Test can access to internet, I log on user Test to the machine. Then I log off user Test and log on local account to the this machine. Just like the rule this…

Hi Guys, New to the forum. we have a XG in our office. and two domain controllers. We trying to get SSO to work. i have configured STAS using the document here: https://community.sophos.com/kb/en-us/123154 My understanding is that there are two…

Hi All, I'm having a problem here that part of the AD user are login through web client instead of STAS. On the XG we have configured the STAS and it is working fine until yesterday we upgraded the box firmware to SFOS 17.0.3 MR-3 Initially all…

Hello everyone. I require your help with a concern that a client poses to me for which this is something reasio to mount the STAS on your domain controller to do SSO. The client asks us for a different method to do SSO, says that for them mount some…

I just installed a new SG310 in one of our datacenters. We have multiple locations, and several Sophos appliances running different versions. As the title suggests on the newest appliance I've installed I actually pulled out an appliance running UTM 9…

Hi All, I'm facing an issue here that the XG firewall seems doesn't communicate with the STAS. On the STAS, we are able to see there's AD user being login on the Live user tab. However at user under XG firewall, there's no user shown. I have been…

Dear all, I'm using sophos xg 17 and I face a problem with AD integration, I 'm using STAT with logoff detection method workstation polling ,I also activated captive portal for unknown users by adding the last firewall policy to deny any to any and…

Good day All, I have setup a lab test environment for the ADSSO. I setup the STAS on both Primary and Secondary AD, Primary is Server2012R2 and Secondary is Server2008R2. The STAS configured on XG is pointed to Server2008R2, it able to pickup the…

I 'm using xg v 17 and and I added AD server to authenticate users and I downloaded STAT and installed it on active directory, I used ping as logoff detection method to avoid the users being logged off after few minutes , I added firewall exception to…