i have error with stas service error with code 1053 windows server 2003 couldn't be start for first time to join ad to firewall any feedback why sever windows 2003 didn't accept sophos transparent authentication

After upgrading firmware from SFOS 19.0.1 MR 1 BUILD 365 to SFOS 19.5.3 MR3 - BUILD 652, I'm having some problems with Authentication. The STAS is currently updated. Some users are in need to manually authenticate with user and password everytime. What…

Buenas tardes Grupo sabrán porqué no me deja seleccionar en el ADDGROUPS, estará mal un Dominio?

Hi altogether, our customer use a Sophos XGS3100 (SFOS 19.5.3 MR-3-Build652) and we have configured STAS according to best practice. Two DCs with Agent and two member servers with collector. Connection works fine and there is no firewall woh blocks…

Hi Everyone, I have a query here, is it we need to sync the otp token when the Sophos XG is done reboot?

Hi everyone, We have added AD server with sophos xg 230. And it is showing that "Servers using plaintext connection: 1" in Authentication > Servers . As you can see above. Please tell me solution. Regards, Vaibhav

Hi Everyone, Sophos UTM user making the move to SFOS firewall and need some help. I am having a diffiecult time getting the settings right to authenticate to Active directory on a new Sophos Firewall. With the Sophos UTM software you entered the Bind…

Hallo Allerseits, wie schon im gleichnamigen Thread schon angesprochen wurde, haben wir auch das selbe Problem. MFA Hardware Token lassen sich nicht benutzen - German Forum - Sophos Firewall - Sophos Community Eine Antwort, wir sollen 128 Bit SHA…

Hallo zusammen, ich würde gerne den Search Query für die Authentifizierung abändern. Momentan zeigt die auf die OU "Benutzer". Ich würde dies nun gerne auf die neue OU VPN setzen wo es eine Gruppe mit allen VPN Nutzern gibt. Wenn ich dies mache…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Product and Environment …

Greetings, Please bear with me: We are getting the above message in our FW logs. I have verified the following things thus far: Users can login to the VPN and validate w/o issue and w/o the captive portal. The FW logs show all user activity for login…

I notice that even though we only have 2 dc's, our failed password threshold is at 6 tries before locking but it seems people get locked out after only 1 failed attempt. is this manageable ? Thanks!

Can anyone share a roadmap update for getting native Azure AD (otherwise now known as Entra ID) authentication for Sophos Connect on XG appliances? The last thread was closed out nearly a year ago: Azure AD authentication for Sophos Connect - Discussions…

Sophos XGS 4500 19.5.3 Before I fully understood how the Sophos/AD import and integration worked with respect to users, groups, and authentication for SSL VPN I set up AD search scopes to import users. I didnt understand that Sophos would automatically…

After updating to the version SFOS 19.5.3.652, users could not login to the VPN. Authorization is done on ESET's RADIUS server with OTP. The RADIUS server test will run correctly. There is an error in the log - failed to login to SSLVPN through RADIUS…

Hi there, two more questions regarding SFOS. 1.) For the MFA via OTP Token, is it possible to cache the second Factor for a certain time, so that is hasn´t to be entered any time a user logs into Userportal/VPN? 2.) It is mentioned in the…

Servus Ich hab eine Gruppe auf der XGS erstellt die die Internetnutzung für die Nutzer darin einschränkt. Nun möchte ich ein paar Nutzer aus dieser Gruppe entfernen finde jedoch keine Möglichkeit. Wie gesagt ist keine AD Gruppe sondern eine manuell…

Hello I have problem using WMI as logoff detection method on STAS and most of live users disconnect after few minutes from logging to any device I use STAS on DC and Additional DC and I opened all needed ports for DCs and users devices through group…

The captive portal has an option to run in HTTP. But the guest user self registration page by default shows up in HTTPS. Is there any way to make it work in HTTP? We want to avoid any certificate errors.

Good day Members, I trust you are well. We are trying to setup MFA for users to use with the VPN. We have Eset Secure authentication and would like to continue to use it as the MFA application. We currently have a Sophos xgs and are using the remote access…

Hello, I am still relatively new with Sophos products. I've got a Radius server set up to authenticate users to the admin interface, but it's not working. I've reviewed the documentation several times and am unable to determine what I'm missing. I feel…

We are experiencing an issue with authentication failures due to username not being retrieved a full username with the Heartbeat Auth Client. If I login via web client it authenticates properly. For example user1@domain.local. The logs are showing it…

hello there , I am using the radius server to authenticate my clients , I configured the radius server and every things working fine , but when the Firewall sending Request to my radius server it is not sending the general attributes that the other brands…

I am running Sophos XGS 19.5.2 MR-2-Build624 in an active / passive cluster. I have configured IPSec VPN for 150+ remote users. I have enabled MFA for all Users. I have a small 3rd line support team, but want to provide access to my servicedesk to administer…

Good day Folks, I'm trying to get the following scenario to work for "STAS over IPSEC with authentication at Head office instead of branch": 1. User signs in at branch office 2. HEAD office firewall picks up or gets the authentication forwarded…