Hi all,
I just set up a virtual XG appliance and pretty much everything is working fine, except for one issue.
I needed to use Duo proxy as 2FA solution, which is (temporarily) running on the Domain Controller on the LAN (configured as AD client …
Hi,
I recently upgraded to SFOS 17 to 19.0.1 MR-1 and I used to have access to the user's QR codes as admin. This was handy with remote users when they got new phones or lost their phone I could easily add the OTP token back to their new phone. I understand…
Hi,
We use AD SSO and Ketboros and everything is working fine however we are getting this message in the logs 'Cannot establish NTLM authentication channel with xxx' Message ID 17945. What is this and how can we stop it please ?
Many thanks
…
Hello,
Have 2 questions related to user authentication.
1. Do we know the sync interval between Sophos XG and Active Directory. .We have disabled few users from AD, however they are still able to authenticate against Sophos Firewall via a captive…
I am facing an issue with setting up Duo for the Sophos XG firewall. I know Sophos has not built out their dedicated API to work with Duo yet (need to resort to using Sophos UTM application protection in Duo), but I have confirmed that this is working…
Hi,
we have turned on 2FA for all our users for VPN and userportal.
Currently each user has been added individually to "Multi-factor authentication (MFA) settings".
By doing this we were most flexible. So far so good.
Now we want to switch…
Hello, everyone,
In our network we use STAS. a few days ago we disabled NTLMv1 in the network and since then every 5 to 10 minutes all users either get no internet access or get Captiv Portal windows through their browser. Apparently the users are logged…
Hi.
Been a previous user of Cyberoam firewalls and have a site with Sophos XGS136w device.
The firewall is AD integrated, and the domain has STAS configured and operating.
This site has a vast majority of users on a Windows RDP server.
I'm attempting…
Issue
A customer is faced with a strange problem in the Sophos XGS Fw (v19), After rebooting the firewall or the Active Directory server, certain users are no longer in their group. We add all the subnets to the STAS and log in to the user portal…
Hi,
We have setup proxy on client computer for the sophos xg and AD SSO in place and it just works fine; user starts browsing, gets seemlessly authenticated via AD SSO and surfs on...
Now my organization wants to get rid of proxy settings, the traffic…
I wanted to share my observations regarding communication problems between STAS Agents and Collector.
We have three domain controllers, one primary and two backup. I installed the nevest STAS application on each of them. One of them was launched in…
A customer is faced with a strange problem in the Sophos xgs Fw (v19) , After rebooting the firewall or the Active Directory server, certain users are no longer in their group .
We add all the subnets to the STAS and log in to the user portal (The technical…
Hi,
i have faced issue with STAS configure STAS in firewall and AD and check with user some user logout after 10 to 30 min and some user system are still are in stas.
windows system are connected through stas-Windows 10 pro version-1809 os build…
Hi All,
I have an XGS2300 and just updated from 19.0 to 19.0.1.
Everything authenticates. Users can access remote access IPSEC, WiFi (through Radius), and User Portal.
But I keep getting the message "Cannot establish NTLM authentication channel…
Hello,
I have had a problem with duplicated users due to the use of an UPN suffix in Active Directory. The domain was created using a “.local” domain name. However, an UPN suffix was configured to allow the use of a public domain.
This has meant having…
Dear,
Some Windows 10 machines started to lose internet connection. I'm using STAS with Active Directory authentication. When the user logs in again to windows, the connection returns. Can anybody help me?
Hi,
i have configured stas in DC and after configured user and connected through STAS and no login required i have created multiple groups with user rule in sophos.when user login to system i have checked the log its showing as per created rule but…
We have onclick protection enabled in Email Gatweay so e-mails with urls have a Sophos substitute url. OnClick Sophos checks the url and when found correct the browser is refered to the correct url.
This works as intented. HOWEVER there is one user…
Hello,
i would configure out Terminalserver Access with AD SSO authentication for multi-user hosts.
I follow this article: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles…
Hello,
I am struggling with NTLM issues (I am not using STAS and trying to use Kerberos)
I think I have setup everything correctly. is there any detailed logs I can look at.
Remote STAS in bridge mode
Hello guys.
I'm approving an environment where we have sophos in bridge mode.
The following scenario being evaluated.
Office:
router <-> sophos fw(l2) <-> switches
Inside this office we have an AD with STAS, running…
Dear Community.
due to the current not so transparent information I am looking for a supported way to allow users of an RDP session to apply firewall rules based on "Active Directory Groups" basis. This is to prevent that user 1 from group 1 can access…
Hi everyone, a customer where I recently deployed a Sophos XGS 136 is reporting that desktops are losing internet connection for 30 seconds and then returns normally, and that this is not for any specific desktop, but randomly.
Is anyone experiencing…