Hi;
We have a large server farm behind a Sophos firewall. There are different domain name AD servers available. I can authenticate users over ADs with these different domains. I can also use AD authentication on SSL VPN connections. No problem till this…
Hi guys,
We can't delete some users from the Sophos firewall. When we tried to do this, this message was presented: "Couldn't delete user. A firewall rule, VPN connection, web policy rule, or SSL/TLS inspection rule exists for this user"
We already delete…
Hello guys!
I currently have a scenario that uses authentication between the firewall and Active Directory.
In this same Active Directory, in addition to the main domain, I have other domains with linked users.
In the authentication configuration…
Is it somehow possible to identify which groups in SFOS have their source in Active Directory?
To me local and AD groups all look the same on SFOS. Even after export of them as entities.tar.
That makes managing larger environments with local groups…
Hello,
We need to use both SSL authentication with RADIUS/MFA for admins and no MFA for normal users.
SSL authentication servers are RADIUS and AD.
When I (admin user) connect to OpenVPN, I need to use MFA, but if I wait without validating MFA, I…
Hey Guys,
I have followed the guides for creating an SSL-VPN that authenticates through Active Directory.
When I have my laptop internal to the network and initiate a VPN connect it works fine. Connection is established. The logs show this.
However…
Hi to all Sophos Community,
I was wondering if you had any idea on this problem.
First time using Sophos firewalls, mostly working on them via Sophos Central Web Admin.
So I enabled IPsec VPNs, and it does work with locally created users.
Company asked…
Hello!
I have a problem, and I'd like to see whether anyone has run into the same thing and how I can solve it.
I have a DC with DNS "pepito.local" where I have a web server published externally under the DNS name https://CRM.pepito.com.
In the LOCAL zone I have created…
So I have an XG firewall that is Authenticated with our 2 local AD Servers and was looking for some assistance with the below.
1. I did a migration to 2 new 2019 DCs last year and even though we kept the IPs the same, the names changed. Now for some…
Hello,
After connecting to the Sophos firewall via SSL VPN from a remote computer, I cannot reach my AD server and cannot ping it.
However, I can ping other computers on the same network.
My AD server works very well on my local network and the ping went…
Hi,
There is already a discussion from 4 years ago, Import Group Wizard hangs at "Select AD groups to import" (Discussions - Sophos Firewall - Sophos Community), that got solved.
I have this exact problem also today on an XG 230 Appliance that…
Hey guys, reaching out for some much-needed help. Have read similar posts but nothing makes sense to me in them.
I have purchased a certificate as well as created a local active directory certificate server. (All Witchcraft to me)
Have installed them…
Hi all
We are having trouble with a test instance of XG 18.5.5 in which we cannot get it to join our domain. We are running some 18.5.1 devices which did not have any issues with joining a domain, but 18.5.5 just does not play ball.
We get the…
Hello,
What option does a user who is working completely remotely have to change his AD/Windows password? (The credentials should be written back to the machine, so all apps like Outlook and the next login have the new password.)
Or do admins nowadays set…
Hi, I have two Sophos XGS (XGS 2100 & Virtual). I have exported the full configuration from the XGS 2100 and want to import it to the Virtual Appliance. When I try to import the config, everything is imported except Active Directory users. I see all local users, but none…
Hi all.
I'm currently facing a problem on an XGS2100 where AD authentication & SSO through Web auth are enabled and working. Just for a few minutes...
Next step on every single client (Windows, Android but not iOS) is loss of connectivity and need…
Hello All,
With Sophos XG in the company
AD authentication (STAS and CAA)
I have maybe 40 FW rules LAN > WAN, but all these rules are with "match known users", so users or groups are present.
There is no rule which allows mac@ pc or IP address…
We're moving from SG / UTM and I'm looking for the ability to create custom Webadmin roles and assign AD groups to these roles.
Is there a way to configure this in SFOS?
e.g. Membership in AD Group "Access-Sophos-Webadmin" should allow authentication…
Pls Help!
I'm quite new to Sophos and am trying to use my Active Directory to authenticate users via RADIUS, but it refuses to save the server. It passes the connection test on setup, but when you come to save it, BOOM, error.
Pls could someone who is…
I recently configured captive portal on my network using my AD as the authenticator server.
My users can login on their laptops but if they try to do so on their respective phones, they get this error message " User.... failed to login to Firewall through…
Can Sophos confirm please that SFOS 19.0.1 is still not able to detect staggered group membership of an Active Directory? Because that is what I noticed yesterday.
I tried to use a top level group that contains sub-groups for Firewall rules. If the user…
I was wondering if you could help me set up a firewall rule so that an outside URL (eplatform, used for digital libraries) can communicate with our AD so that users can log in with their AD username and password. I have added the external host IP of the…
Hi,
We use AD SSO and Kerberos and everything is working fine; however, we are getting this message in the logs: 'Cannot establish NTLM authentication channel with xxx', Message ID 17945. What is this and how can we stop it please?
Many thanks
…
Hello,
Have 2 questions related to user authentication.
1. Do we know the sync interval between Sophos XG and Active Directory? We have disabled a few users from AD; however, they are still able to authenticate against Sophos Firewall via a captive…
Hi,
We have turned on 2FA for all our users for VPN and user portal.
Currently each user has been added individually to "Multi-factor authentication (MFA) settings".
By doing this we were most flexible. So far so good.
Now we want to switch…