Hello,
I am trying to use Authentication Policies for one of our Web Servers to restrict access to members of three specific Active Directory groups.
When the user logs in, the authentication log shows a successful login, but the site just reloads…
After changing the authentication mechanism to AD SSO Kerberos authentication, the client machines are getting an additional popup for the browser authentication, so that internet traffic will be allowed.
We have tried by adding the hostname in internet…
Hello Sophos Community,
First of all, everything worked with STAS the last months without any problems. This week, starting from Monday on, we are experiencing random disconnects on our STAS backend (it seems). It hits several live users randomly. They…
Hello,
I have a problem with a user who belongs to several groups in my Active Directory. Two of these groups are present in my XGS. However, the user on the XGS is only a member of one group, and for organizational reasons I don't want to use this…
Hello everyone,
I have an issue with Sophos XG firewall running SFOS 19.5.4 MR-4-Build718 configured for authentication via RADIUS server running on Windows Server (NPS service) with Azure MFA extension. We use it for MFA for VPN users. It works fine except…
Dear community, In our company, logging in to the domain will only be possible with a smart card and without entering a password in future. In our case, this is a Yubikey 5. Is there any way to integrate the SSL VPN clients via smartcard? Kind regards…
I am looking for assistance with IPSEC VPN authentication for On Prem Active Directory & Azure Entra
I have two use cases. Both involve the Sophos Connect Client and XG firewall v19.5 or later:
1. XG firewall appliance on premise with a MS Windows…
When users have homedrives in Active Directory they fail to mount as network drive when the firewall rule to the sharing server has user authentication required. Also the login of the users is taking minutes, not seconds. This is because the user is not…
Hello, since some days we have the problem that with some users (will be more and more) OTP auth is failing: -> oath_totp_validate() failed for tokenid xxxxxxxxxxxxxxxxxxxxxx with error The OTP is not valid - OTP was working fine all the time before issues…
Hello,
I reach out to all of you as we are in a really bad situation. We are hosting several customers with Active Directories and we just recently started migrating from UTM to XGS. Today we learned, there is a maximum of 20 servers you are allowed…
Hi,
I have an issue with the Sophos Client Authentication Agent the "MSI" File. If I deploy the Agent with MSI File, it installed it and I can run it, but I am getting the error with Certificate (I think the ClientAuth_CA.scc) file cannot be found. …
Hello,
We use the Client Authentication Agent (CCA) for authentication when accessing our network.
We use the client at various external locations which are all connected via RED. At one location (behind a Sophos UTM) this works without any problems…
Hi Community,
I try to join a Sophos Firewall into our Windows domain but the domain join is not possible. I get these errors in /log/nasm.log:
Jul 26 11:59:18.983130Z ha.c:30 is_ad_join_required [nasm] is_ad_join_required() AD join required due to…
Hello,
New bloke here.
I read a lot of How To do a thing in XGS, but not why...
What would be the intended purpose of a duplicated Administrator Local User and AD user?
Is it redundancy in case the AD is unavailable?
Should the default administrator…
Hello everyone,
is there a complete Guide available for setting up XGS and NPS with EAP and certificate authentication?
We want to move on from a working EAP and MSChapv2 configuration because it is deprecated.
I wonder, do I need to change…
Hi, I've got a question about AD/LDAPS integration. Here's a quick rundown of the situation:
-I have a client with an XGS116 (SFOS 19.5.2 MR-2-Build624). -Employees are currently using the Remote access SSL VPN to log into an RDS server with the Sophos…
We currently have two locations, each with a XG330 v19.5.4 MR4 and an EPL fiber connection between them that has a S2S IPSec tunnel setup and a static route on both ends pointing to the other. Each FW is setup with the local DC for user authentication…
Hi,
Running SFOS 20.0.1-MR1, have setup Azure/Entra ID for SSO
I can:
- Use the test button under the Entra account, it shows green.
- I can connect and import groups into the firewall from Entra
- I can sign into the firewall
I cannot…
Hey all,
I have a question that seems to not be addressed in any other related community forum I could find.
I have two DCs, one of them being the Primary DC and the other being the Backup DC. Both DCs are replicating changes to each other. In the…
Hi,
I have Sophos home deployed in our network, with AD groups synced-in from AD server for user-based internet access.
For a month or so now, when any user changes their domain user password, SSO (single sign on) does not work for them and they…
Hi,
My client already uses a RADIUS server for authenticating their users. Actually, only the switch contacts the RADIUS.
I would like to do the following but I don't know if it's possible: Is it possible to configure the VPN portal so that the user…
Hey,
We have been using an LDAP connection to sync users from our local AD to our XGS appliance.
Since we're migrating, we have changed the UPN and mail addresses of all users in our AD.
Sadly Sophos doesn't get that, therefore rules that match…
Good morning everyone,
we are trying to synchronize the AD users with our Sophos XGS.
The goal is to also see the users who log on to the TS on the FW, so that we can monitor their activities.
What we have done:
https:/…
Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
UPN
Configuration
Active…