How do I generate a new QR Code for the default admin account? New phone so had to reload authenticator and lost existing devices. I have access to the web interface using another admini account but cannot seem to locate a way to generate a new QR code…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Enabling Multifactor Authentication…

HI, I'm trying to get the Sophos XG appliances (SFOS 19.5) talking over Kerberos instead of NTLM. I can't see that the appliance has domain joined - no computer object. There are no SPN records created The appliances FQDN are different…

Hello, we use a XGS116w in one of our branch offices running on firmware: 19.0.1 with SD-WAN. We deployed a firewall rule through Sophos Central for Web Surfing (LAN-Zone to WAN-Zone) with different Web Policies. All is working fine. Now we…

I have 2 DC in my domain, and I installed STAS Suite (Agent and Collector) in one of the DC. The issue is STA Collector not showing Sophos Firewall IP address on Sophos Appliance, It appears some often and disappear when I restart the STAS. I tried all…

Hello, what option does a User who is completly working from remote, to change his AD/Windows Password? (the credentials should be write back to the machine, so all Apps like outlook and next login has the new password.) Or do Admins now days set…

Hi all. I'm currently facing a problem on an XGS2100 where AD authentication & SSO through Web auth are enabled and working. Just for a few minutes... Next step on every single client (Windows, Android but not iOS) is lose of connectivity and need…

Hello All, With sophos xg in the company AD authentication (stas and CAA) I have may be 40 rules FW LAN > WAN, but all these rules are with " match known users ", so users or groups are presents there is no rule witch allow mac@ pc or ip address…

Hello, i have an big problem at a customer site. We switched from UTM to Sophos XGS. We have configured STAS. There is a rule for Internet HTTP/HTTPS access. The rule is open for everyone. I have configured a Web protection Policy. On top everybody…

Dear Sir, I am not getting web portal while accessing Internet through web proxy Instead every time it shows certificate error. I have created a web appliance certificate & installed it in PC still every time it asks for certificate & then I have to…

We're moving from SG / UTM and i'm looking for the ability to create custom Webadmin-roles and assign AD-Groups to these roles. Is there a way to configure this in SFOS? e.g. Membership in AD Group "Access-Sophos-Webadmin" should allow authentication…

Pls Help! I'm quite new to Sophos and an trying to use my Active Directory to authenticate users via radius but it refuses to save the server. It passes the connection test on setup but when you come to save it BOOM error. Pls could someone who is…

Hi guys I'm new to Sophos, I've got an XGS3100. clients on a specific VLAN have to Authenticate on user portal, After the authentication everything works fine but broadcast domain. they can't ping each other while they're on the same subnet. anyone…

Hi, Is it possible put an otp field in the weblogon pages (admin & users)? Kind regards Bart

I recently configured captive portal on my network using my AD as the autheticator server. My users can login on their laptops but if they try to do so on their respective phones, they get this error message " User.... failed to login to Firewall through…

Hi :) Customer has received an XGS-FW, previously used a SG. AD SSO was set up at orientation of Sophos-Com contribution. ( docs.sophos.com/.../index.html The following problem: NTLM-Auth works without problems KERBEROS fails: "Cannot initalize…

Hi, i am facing RPC issue when i pool from stas application using wmi method its showing the rpc server is unavailable.

Can Sophos confirm please that SFOS 19.0.1 is still not able to detect staggered group membership of a Active Directory? Because that is what I noticed yesterday. I tried to use a top level group that contains sub-groups for Firewall rules. If the user…

We have a single network & zone which contains both domain-joined and non-domain-joined devices.* For domain-joined devices, we use STAS and all is well. For non-domain-joined devices, we WANT to use captive portal to ask the user to login. However…

Hi Community, we're using an XGS Firewall (V19) and STAS for authentication of our users. On our domain controllers in stas.log we're seeing an huge amount of these entrys every few seconds: SSO_server_handle_wrkstpoll_req: poll req for '43.129…

Hi all, Hoping someone can point me in the right direction. I have enabled STAS on our Sophos XG. I can see user showing on the STAS Agent on the server. I have also added the server to the XG on the Auth List and connections pass without issue…

Hi all, I just set up a virtual XG appliance and pretty much everything is working fine, except for one issue. I needed to use Duo proxy as 2FA solution, which is (temporarily) running on the Domain Controller on the LAN (configured as AD client …

Hi, I recently upgraded to SFOS 17 to 19.0.1 MR-1 and I used to have access to the user's QR codes as admin. This was handy with remote users when they got new phones or lost their phone I could easily add the OTP token back to their new phone. I understand…

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. ______________________________________________________________________________________________________________________________________…

Hi, We use AD SSO and Ketboros and everything is working fine however we are getting this message in the logs 'Cannot establish NTLM authentication channel with xxx' Message ID 17945. What is this and how can we stop it please ? Many thanks …