Our STAS users are added to Open Group instead of AD group. When using user portal users are added to the correct AD group. Any ideas why STAS users are not in the correct Group ? Can STAS run as non administrator account ? In STAS logs on DCs…

Dear Experts, We are using Sophos CAA (Client Authentication Agent) v2.0.1 to Authenticate our users for accessing the Internet, Now we're in the process of hardening our AD by implementing Microsoft Baseline Security policy on our Domain Controller…

We have activated the blocking function when someone had too many failed logins. While this is quite useful to block unwanted third-party login attempts, we sometimes have our own VPN users which fail to enter their password correctly or the TOTP. Is…

Hello, I have configured Sophos STAS on a new Active Directory domain. Everything works except the workstation polling via WMI. In the test utility I get an "access denied". in the event viewer of the workstation i have this error: Event 10036…

how do I remove a group member from the Sophos firewall authentication group? I can add members to the group and view group members, but I unable to delete.

Hi, Sophos is synchronized with Active Directory (AD), and when we disable a user's profile in AD, they should no longer appear in the Sophos user list. However, I noticed that some disabled users are still showing up in the Sophos user list. My question…

Dear Experts, I am configuring SMS gateway for guest users to access the Internet, our firewall firmware is on SFOS 19.5.2 MR-2-Build624, i am getting error "Response string:ERR_MOBILE"while Testing the connection please find the screenshot. can any…

I hope that I might be able to find an answer to my problem here. I have joined the Sophos XGS to the domain. The AD object looks good. The Sophos XGS name is configured with FQDN. Unfortunately I get this error message for Kerberos: "Cannot initialise…

We're using STAS and wanting to implement SATC for Terminal Servers Followed the documentation below, but now the system account is smashing the Authentication log with failures https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp…

Getting hundreds of these in the log for Authentication: Cannot establish NTLM authentication channel with Have read through all the other forum posts and they say to disable AD SSO in Device Access, but it's already…

Hello Sophos Community, I'm currently facing an issue while attempting to configure Azure AD Connect for the Sophos Firewall Admin Console, following the tutorial provided here . Despite meticulously following each step outlined in the tutorial, I…

Hi there, i'm securing our company network a little bit more and want to use the "Match User"-Feature within the fw rules. We're running a central Sophos XG135 cluster an a bunch of branch offices, which are connected via pfSense and IPSec-tunnels…

NPS is working perfect with Sophos MFA via onpremise VM try to migrate it to Azure vm but keep getting error: A RADIUS message was received from the invalid RADIUS client IP address 169.254.0.1 on the new NPS server. Any Ideas?

Hi All, We have 2 Sophos XG Firewalls setup in HA and using NTLM / Kerberos authentication. We notice that in Active directory there is only one firewall computer account showing and was wondering if that is ok or if there should be 2 accounts …

This seems not to work anymore Sophos Firewall: Create multiple AD Server entities in SFOS for multi domains When I try to do the last step I get the message "Please enter a valid server address in field "Server IP/domain"." I need to somehow…

Hello, we try to work with the PPTP Client vom Windows 10/11 and it doenst works with AD Users. If i try a local user from the Firewall works everything fine, but on AD Users i receive an error that the credentials are wrong. I have tried with DOMAIN…

I've been trying to install sophos network agent on android to authenticate, but on playstore it is not showing the install button the phone has android version 13 is there any way to do this????

Hi, we have a customer, who has about 10 branch offices with each 5 to 50 users and a headquarter with about 50 users. Every BO has its own XGS firewall, which is currently connected via IPSEC VPN and will later be connected via MPLS to the HQ. In HQ…

I;m following the few videos that I can find about how to set up Entra AD SSO for captive portal and VPN but I can't seem to get it working. Are there any step by step instructions that I can follow, other than the published Sophos videos, which seem…

I have a Sophos xg210 model firewall. I use STAS to be included in the domain (Example Username: sophos_stas). I have a server not included in the domain. When I examine the security logs of this server from the event logs, I get an audit failure error…

I am adding a new domain controller to our domain and am having trouble adding it to the authentication servers in Sophos. The server is active and working as expected and I've checked all of the same firewall settings as our old DCs. The only difference…

Hi, I have Sophos Home edition on a machine, which use AD authentication in user-based rules to allow internet. In addition to that we have some IP based rules as well for some devices that cannot be joined (or we don't want to join them) to the domain…

Hello, i have confiure captive portal page in sophos firewall and created user grp called (TEST_GRP). i have also created rule for lan to wan and under match rule i have selected user group called (TEST_GRP). but right know what happen is the entire…

Hello, i am quite new to the XGS Appliance, coming from the UTM. We still facing a lot of problems since the migration, one of that is the user authentication for SSO. The import of the users and the ad groups worked well and most of the useres…

Hi All, I'm facing issue with captive portal, some of my users are getting error The Connection has Timed out and the server is taking too long to respond. For some users captive portal is popoing automatically but for the some it's getting issue. Thank…