• Importing Active Directory Domain Users

    Mark Andersen
    Mark Andersen
    Hi I have two sophos xgs (xgs 2100 & Virtual), i have exported full configuration from XGS 2100 and wanna import it to Virtual Appliance. when i try to import config, everything Are imported except active directory users. i see all local users, but none…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Web authentication through captive portail fail after few minutes

    GaelRAYNAUD
    GaelRAYNAUD
    Hi all. I'm currently facing a problem on an XGS2100 where AD authentication & SSO through Web auth are enabled and working. Just for a few minutes... Next step on every single client (Windows, Android but not iOS) is lose of connectivity and need…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Why this user or computer can access to internet ?!

    Fotit
    Fotit
    Hello All, With sophos xg in the company AD authentication (stas and CAA) I have may be 40 rules FW LAN > WAN, but all these rules are with " match known users ", so users or groups are presents there is no rule witch allow mac@ pc or ip address…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to use AD-Group Membership for SFOS Webadmin Roles

    FFin
    FFin
    We're moving from SG / UTM and i'm looking for the ability to create custom Webadmin-roles and assign AD-Groups to these roles. Is there a way to configure this in SFOS? e.g. Membership in AD Group "Access-Sophos-Webadmin" should allow authentication…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Unable to add new authentication server

    Dominic De Robillard
    Dominic De Robillard
    Pls Help! I'm quite new to Sophos and an trying to use my Active Directory to authenticate users via radius but it refuses to save the server. It passes the connection test on setup but when you come to save it BOOM error. Pls could someone who is…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Captive Portal Authentication

    Idris Sanni1
    Idris Sanni1
    I recently configured captive portal on my network using my AD as the autheticator server. My users can login on their laptops but if they try to do so on their respective phones, they get this error message " User.... failed to login to Firewall through…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: Troubleshooting Guide - Sophos Central cannot push group policy to Sophos Firewall

    taowang
    taowang
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview: Error, ADS server name already…
    • over 2 years ago
    • Sophos Firewall
    • Recommended Reads
  • AD Authentication, Nested / Staggered Groups not working

    LHerzog
    LHerzog
    Can Sophos confirm please that SFOS 19.0.1 is still not able to detect staggered group membership of a Active Directory? Because that is what I noticed yesterday. I tried to use a top level group that contains sub-groups for Firewall rules. If the user…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Allow access to AD through SOPHOS XG (So users can login with AD login https://www.eplatform.co/gb)

    Kuldev Sagoo
    Kuldev Sagoo
    I was wondering if you could help me setup a a firewall rule so that outside URL (eplatform, used for digital libraries) can communicate with our AD so that users can login with their AD username and password. I have added the external host IP of the…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • AD SSO - Cannot establish NTLM authentication channel with xxx

    MakoRantz
    MakoRantz
    Hi, We use AD SSO and Ketboros and everything is working fine however we are getting this message in the logs 'Cannot establish NTLM authentication channel with xxx' Message ID 17945. What is this and how can we stop it please ? Many thanks …
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS and AD sync

    Manu_Mathew
    Manu_Mathew
    Hello, Have 2 questions related to user authentication. 1. Do we know the sync interval between Sophos XG and Active Directory. .We have disabled few users from AD, however they are still able to authenticate against Sophos Firewall via a captive…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: A Quick Guide for LDAPS/AD Integration With Windows Server 2022/2019/2012…

    Vivek Jagad
    Vivek Jagad
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Adding Active Directory Certificate…
    • over 2 years ago
    • Sophos Firewall
    • Recommended Reads
  • 2FA with AD-Groups

    LHerzog
    LHerzog
    Hi, we have turned on 2FA for all our users for VPN and userportal. Currently each user has been added individually to "Multi-factor authentication (MFA) settings". By doing this we were most flexible. So far so good. Now we want to switch…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall | Active Directory Users Not syncing to the groups correctly

    Tharindu Premarathne
    Tharindu Premarathne
    Issue A customer is faced with a strange problem in the Sophos XGS Fw (v19), After rebooting the firewall or the Active Directory server, certain users are no longer in their group. We add all the subnets to the STAS and log in to the user portal…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Firewall / web filter user authentication - Microsoft accounts

    JeffThompson
    JeffThompson
    Hi All, I'm currently using CAA to authenticate users to the firewall so that user group-specific rules can be applied. However, it has some issues, especially when a PC is used by more than one user - it installs in the first user's profile folder…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: Backend Group Membership in Sophos Firewall

    LuCar Toni
    LuCar Toni
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview AD Users creation process…
    • over 3 years ago
    • Sophos Firewall
    • Recommended Reads
  • Active Directory Issue | STAAS

    Tharindu Premarathne
    Tharindu Premarathne
    A customer is faced with a strange problem in the Sophos xgs Fw (v19) , After rebooting the firewall or the Active Directory server, certain users are no longer in their group . We add all the subnets to the STAS and log in to the user portal (The technical…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Repeated "Cannot establish NTLM authentication channel with [domain]" messages in Authentication

    JeffCooper
    JeffCooper
    Hi All, I have an XGS2300 and just updated from 19.0 to 19.0.1. Everything authenticates. Users can access remote access IPSEC, WiFi (through Radius), and User Portal. But I keep getting the message "Cannot establish NTLM authentication channel…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Active Directory UPN Suffixes

    cm00001
    cm00001
    Hello, I have had a problem with duplicated users due to the use of an UPN suffix in Active Directory. The domain was created using a “.local” domain name. However, an UPN suffix was configured to allow the use of a public domain. This has meant having…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Configure Terminalserver Access with AD SSO authentication for multi-user hosts

    Christian Niemann
    Christian Niemann
    Hello, i would configure out Terminalserver Access with AD SSO authentication for multi-user hosts. I follow this article: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to integrate Sophos FW with Azure AD

    Arya AM
    Arya AM
    We don't have have on-premise AD, need to integrate the firewall with Azure AD.\ We have IPSec tunnel connectivity between FW and AD.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Linking Citrix with Sophos XG Firewall

    Chris GER
    Chris GER
    Dear Community. due to the current not so transparent information I am looking for a supported way to allow users of an RDP session to apply firewall rules based on "Active Directory Groups" basis. This is to prevent that user 1 from group 1 can access…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Add an Active Directory Server on Sophos XGS

    TobLai
    TobLai
    Hi support, I have a few questions on configure Active Directory authentication on my XGS. I have followed the guide here: Configure Active Directory authentication - Sophos Firewall When I open the VPN portal, I cannot login using my AD user…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Feature Request - AD Admin Groups

    paganoj2
    paganoj2
    I am not sure where else to request a feature, so I am going to request it here. It would be nice to be able to tie an active directory group to an XG Admin rule. This way all the users in that AD group can login to the XG Firewall with admin permissions…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGS Not Reading Attributes from AD

    JeffCooper
    JeffCooper
    Hi, I have active directory configured and it works. Users can log in to the user portal, vpn, and wifi. Yay! But, the attributes for the display name and email do not pull over from the AD Server. Example: The user logs in with username The name…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • View related content from anywhere
  • More
  • Cancel
<>