Hi.
When user have access to all computers then authentication is ok.
But when change access to selected workstation and also added a name that appeared in AD from Sophos XG user does not authenticate and have message: "Access to this computer denied…
Good Evening,
I recently joined a team and started up our own MSP. One of the clients we took over is using a Sophos XG210 (SFOS 17.0.3 MR-3). I am not real familiar with Sophos, though this same unit died and was RMA'd largely in part due to someone…
Hi Guys,
New to the forum. we have a XG in our office. and two domain controllers. We trying to get SSO to work. i have configured STAS using the document here:
https://community.sophos.com/kb/en-us/123154
My understanding is that there are two…
Dear all,
I have installed stas and integrated AD with xg310.
Then i did import all the users from AD into Xg-310.
And created a firewall rule to access internet from lan to wan and enabled "match known users" & "Captive portal to unknown users…
Hi All,
I'm having a problem here that part of the AD user are login through web client instead of STAS.
On the XG we have configured the STAS and it is working fine until yesterday we upgraded the box firmware to SFOS 17.0.3 MR-3
Initially all…
Hello, I have installed the Sophos XG Firewall with firmware version SFOS 17.0.2 MR-2 in virtual appliance (VMware vSphere ESXi). I have activated company full subscribtion successfully. I also have setting up some firewall and web protection as needed…
Dear All,
We just deploy XG into our environment and noticed that user keep on losing internet connection and after 10 seconds, connection resume.
Further checking into the log viewer, it seems that the user was being logged out while they are online…
My Client have two domain(A and B)and trust relation have been established between them.
Both Domain have same subnet and both are connected with Sophos XG.
All work fine, now I want to configure user base rules for both domains in a XG firewall.…
hello everyone
here iam still trying to configure all rules i need to apply on my work environment
i have read that i can setup my AD as authentication server to let users access the internet
but i couldn't make it work and i hoped to figure out…
Good day all,
We are having issues on the clientless SSO that there's multiple account hoping around the end user.
Below are the scenario
1) Multiple account sign-in
I have login with my AD account and it can be seen authenticated on the AD and…
We have tried to set up SSO in our company and we faced issues while changing from one subnet to another. Since we were under premium support, we raised a ticket but still couldn't solve. Is there a solution to it??
Greetings,
Trust you are doing well,
I am working on XG integration with AD user groups and OUs. I was able to setup STAS and configure it. But now, before make it running, I want to understand one thing.
The user will be authenticated when he/she…
Hi all,
we have XG-310 (FW: HW-SFOS_16.05.6_MR-6.SF300-266) with some REDs setup as a trial. This works as intended but we have some trouble with the AD connection.
We have a root-domain and a subdomain for each subsidiary. We have a global security…
Greetings,
Trust you are doing well,
I am trying to add my Active Directory to Sophos XG 230 as an Authentication Server. But, I am keep getting that the credentials are wrong. What are the possible solutions/causes for such issue?! Is there any…
Hi all,
I did configure STAS on a single DC.
Communication between XG and DC it's working but some users didn't show up in the firewall. This means the firewall rules don't apply to him.
AD Server: 128.128.128.28
XG appliance: 192.168.50.1 …
After a year, I've decided to try Sophos XG again. Currently using UTM 9.5 - which has its issues, but works well.
I am trying to find out how to force all web requests through the proxy port. Sadly, I'm not getting far with Sophos XG.
If I add a…
Hi all,
I have setup a 210 with XG and STAS, I want to sync the users from the AD groups, I follow some guides but I can't see any user in any groups.
I read some posts about this and they say all the users had to login into user portal so the XG…
Hello everyone
I try to configure my Sophos for the AD authentication.
What I want is when a user open is computer and is browser, the Sophos know who is it so I can log what he does.
But I don't really understand, I install SSO client one one…
Hello:
I have 3 Wan interfaces
firewall is sync with active directory with 3 groups
Hoe can i do:
Group1 -- to internet by WAN1 interface
Group2 -- to internet by WAN2 interface
Group3 -- to internet by WAN3 Interface
Why no link load…
Hey guys,
I've configured STAS in an AD environment. This AD environment has 5 DCs so I setup 4 DCs as the agents and 1 as the collector.
Everything works just fine except only 1 user are always missing from the live users on XG and Collector…
We have added web mail and social media blocking and it is working exceptionally. However we do want to have some users be able to access such sites. What is the best practice to add user exceptions.
My thinking is since we are using AD for authentication…
I am configuring SSL VPN for my network. Only a subset of our users should have access to the VPN, and I would like to manage this through Active Directory groups.
I am using Active Directory authentication for the SSL VPN; I tried RADIUS, but I am…
I have an AD group that syncs AD users to the SSL VPN portal. The users of this group have VPN permission to access the LAN. However when i remove the AD members from the group, the user is still able to access the LAN using SSL vpn client. Does the XG…
I have a perplexing issue. I have STAS setup and working, all users are logged into the XG 210 firewall by STAS, except for one. If I delete him from the "users" table the next time he logs in, it works. But after he logs out and attempts to log back…
I have been attempting to set up User Portal and SSL VPN access on our XG310.
However, when setting up a query for the domain, no users appear to be returned when using a Common Name. For example, I have made myself a member of the "SSL VPN" group…