Hi,
I'm running some tests with 2FA. I got the app, QR code, and passcodes are being generated. They work when logging in to the VPN/ But when I try to go to the user portal, I get a username/pw/captcha prompt, but no 2FA passcode prompt. And when I…
I cannot determine "lost admins" - we have XG (SFOS 18.5.2 MR-2-Build380)
In users console appears warning " Administrator accounts unprotected by multi-factor authentication: 8". But I cannot find such administrators. 2 ot them are missing.
I went…
I can login to XG with my administrator account (which uses AD and DUO 2FA) but recently had an issue where I needed to use the admin account and found it didn't work. I don't usually use admin login so I'm not sure when this broke.
The password is…
Hello
I have been tasked with rolling out MFA and thus OTPs for all of my users when connecting to Sophos Connect/User Portal. I've sorted out how to have the one time password field show up for the Connect aspect, however I am curious if there is…
https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/124501/3-ways-to-setup-xg-18-with-duo-2fa
Using this information, I followed the setup for DUO authentication for XG AD Server, DUO LDAP client and server, and it works.
But, it seems…
Hello,
we think that we were able to access a users barcode for 2FA when he lost it (e.g. exchange of phone, lost phone, ...). Has this changed recently as we don't find it on XG ( SFOS 18.5.2 MR-2-Build380). Or is this only possible on Sophos SG Firewalls…
Hi,
We have enabled MFA for our SSL VPN users, however that has meant that it has been enabled for the Captive Portal as well. We really do not want to have users authenticate to the captive portal with MFA, in fact we would really prefer an SSO solution…
Hi,
I had mistakenly disabled MFA for super admin, after that I cannot log in with the admin account on the web portal. but I am able to log in CLI mode. Please find below.
I sync the authenticator and it says "timeoffset successfully retrieved" but…
Good morning,
We updated all of our XG-firewalls to 18.5 MR2 two weeks ago. Now, I have to configure a new SSLVPN-User with MFA authentification.
I already read here:
https://community.sophos.com/sophos-xg-firewall/f/discussions/131468/sophos-firewall…
Hey folks, in the sophos firewal admin, there used to be a section in the Authentication settings named "One-time password". From there, you can click on the "i" icon beside the user's name to get the QR code that they can scan. somehow this option has…
Hello, since upgrading my XG230 firewalls to 18.5.2 I can no longer go to the MFA settings in the admin portal and retrieve end user MFA codes. Has this been removed or moved to another section in the XG?
Hey guys.
I have a strange problem, I was wondering if anyone else had this problem.
We have configured Remote Access Ipsec with OTP.
It works well, but for Andorid users there is a very high certainty of re-associating the token.
We don't know…
Hi all i have a challange for you! i configured a SSL VPN as shown in this Video: https://techvids.sophos.com/watch/6DSCq37grC8pbB6jt9QhH9
now for testing i need to download the SSL VPN Client for Windows, but this is how it looks when i connect to…
Hi,
from this 4y old threat it seems, it is not possible to enable 2FA for the default admin user.
https://community.sophos.com/sophos-xg-firewall/f/discussions/89815/2fa-for-admin-user-in-webadmin-logon
is that still correct?
Hi,
we're evaluating hardware Tokens from Reiner SCT, quite commonly used in Germany.
OTP or 2FA is working fine with Sophos XG as long as you only have one Firewall.
Because the QR code is identified as name "Sophos SF0", whatever this means, if…
at a remote location I tested with OTP today on a XG106 SFOS 18.0.6 MR-6-Build655
first tested with domain user which was not working as described below.
then tested with local user on XG which did not work either.
1. confirmed, I can login to userportal…
We have been using the above setup for Sophos MFA for months without issue. When a user needs to be set up on MFA, we generate a token for them and send them the QR code to scan into their app. We have done this to avoid any unauthorized setups of MFA…
We're enabling OTP for VPN access, and there's a group of user who either don't have access to Google / Sophos Authenticator or refuse to use it for - reasons. It seemed that I could go into their token properties, click the plus button and get some codes…
How do you configure Sophos XG 2FA for all applications such as:
1. WebAdmin
2. User Portal
3. SSL VPN
4. Sophos Connect
only for select users, not all of them. All tutorials show how to do for all. I tried only my user in the setup but when…
https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/concepts/OneTimePassword.html
" Passcodes are generated by Sophos Authenticator or any third-party authenticator on a mobile device or tablet..."
https://docs.sophos…
Hello Community,
I try to setup the Connect Client with OTP. If I use only Username and Password for authentication everything works fine. Now I generated an OTP Token for the Sophos Authenticator App and tested it on WebAdmin with “OTP time-offset…
I make an attempt at posting the most trivial question on these forums ever: where is the option hidden to hide the 2FA QR code after a successful logon? On SGs this is under Management/User Portal/Disable Portal Items, but I really can't find it on XGs…