• Active Directory Windows Server 2025 not Authenticate Users

    Masoud Hemmati
    Masoud Hemmati
    Hello After upgrading Active Directory Server to Windows Server 2025, Sophos XGS Authentication user Not working and have Problem .
    • Answered
    • 18 days ago
    • Sophos Firewall
    • Discussions
  • how to enable SFOS authentication with different UPN and SamAccountName

    LHerzog
    LHerzog
    I have learned how to support UPN or multi UPN configuration with local Host / DNS registrations on the Firewall directly. I have configured that successfully on the firewall. Sophos Firewall: Authentication Multi UPN configuration But as written in…
    • 22 days ago
    • Sophos Firewall
    • Discussions
  • AD Authentication Time-out

    Chris Burke2
    Chris Burke2
    This issue just started on Sunday, reoccurred just now. Remote VPN login times-out. I've narrowed it down to an issue with the FW connecting to AD. The "Test Connection" failed. A reboot of the FW fixes the issue (Both times). After reboot, the "Test…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • office 365 user integrate with sophos firewall

    wilfredo Capiral
    wilfredo Capiral
    Hi, im new in sophos firewall, we have office 365 user and what i want is when they will connect to our vpn they will use there office 365 username and password, for authentication. example sophos client or opnvpn connect
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS Radius configuration failed

    admin_idl
    admin_idl
    Hello, We are currently adding authentication via a Radius server on the firewall. Unfortunately, we always get the following message when testing. Does this mean that the username and password are wrong or is it due to the settings that are being checked…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS add Radius

    admin_idl
    admin_idl
    Hello, We want to add a Radius Server on the XGS. Which entry must be stored for the item ‘Groupe Name Attribute’? Where can I find this attribute on the Radius Server? Thank You!
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS Delete a group imported from the AD

    admin_idl
    admin_idl
    Hello everyone, We have imported groups from the AD on the XGS and now wanted to tidy up a bit and remove various AD groups from the firewall again. When trying to delete the groups we get the message: Thank You!
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • VPN with Authentication Active Directory with enumeration blocked

    Tecnologias Imaginadas
    Tecnologias Imaginadas
    Hi. Anyone has configured Sophos XGS SSLVPN with Active Directory Authentication on AD with enumeration blocked? After configure Server on XGS I can authenticate and retrieve groups/users without problem... My problem appears when try to authenticate…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • User member of multiple AD Groups - why not working for MFA / 2FA?

    LHerzog
    LHerzog
    We have AD synced Groups. We use them for FW Rule permissions, SSL VPN access and MFA control on the Firewall. Now we have this scenario: User XY is member of these groups: Group A (used for a firewall rule) Group B (all members of the company,…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Rant - SSLVPN with Duo RADIUS Proxy Change after SFOS 20.0.0

    jdh201
    jdh201
    So, I wanted to post a bit of a rant here regarding an undocumented change to RADIUS authentication after SFOS 20.0.0 that has broken my DUO MFA implementation. For years I have had my users added from AD and I was able to pull multiple groups through…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Radius Authentication over SD-WAN

    IanR222
    IanR222
    I have radius authentication working locally from the Sophos Firewall to the local radius server for both VPN and for WiFi authentication, however I am unable to get the authentication working from the Sophos Firewall to another radius server at a remote…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • AD SSO operations

    jtaylor
    jtaylor
    Hi, I’m struggling to find documentation about how Active Directory SSO operates (as opposed to how to set it up). The kind of questions I have are… Is the initial browser authentication transparent, or does the captive portal appear for login? …
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Sophos AD/SSo authentication issue

    sreehari s
    sreehari s
    After changing the authentication mechanism to AD sso Kerberos authentication. The client machines are getting additional popup for the browser authentication, so that internet traffic will be allowed. We have tried by adding the hostname in internet…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • User assigns always to just one AD group

    Ingo Buyny
    Ingo Buyny
    Hello, I have a problem with a user who belongs to several groups in my Active Directory. Two of these groups are present in my XGS. However, the user on the XGS is only a member of one group, and for organizational reasons I don't want to use this…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XG does not recognize user group returned by NPS RADIUS server

    Haris Alatovic
    Haris Alatovic
    Hello everyone, I have issue with Sophos XG firewall running SFOS 19.5.4 MR-4-Build718 configured for authentication via RADIUS server running on Windows Server (NPS service) with Azure MFA extension. We use it for MFA for VPN users. It works fine except…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • I am looking for assistance with IPSEC VPN authentication for On Prem Active Directory & Azure Entra

    hashtag
    hashtag
    I am looking for assistance with IPSEC VPN authentication for On Prem Active Directory & Azure Entra I have two use cases. Both involve the Sophos Connect Client and XG firewall v19.5 or later: 1. XG firewall appliance on premise with a MS Windows…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Windows Homedrive - mounting fails due to delayed firewall authentication

    LHerzog
    LHerzog
    When users have homedrives in Active Directory they fail to mount as network drive when the firewall rule to the sharing server has user authentication required. Also the login of the users is taking minutes, not seconds. This is because the user is not…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Maximum limit for authentication server is 20

    Hydro4711
    Hydro4711
    Hello, i reach out to all of you as we are in a really bad situation. We are hosting several customers with active directorys and we just recently started migrating from UTM to XGS. Today we learned, there is a maximum of 20 servers you are allowed…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • AD Domain join not possible

    Ben@Network
    Ben@Network
    Hi Community, I try to join a Sophos Firewall into our Windows domain but the domain join is not passible. I get this errors in /log/nasm.log: Jul 26 11:59:18.983130Z ha.c:30 is_ad_join_required [nasm] is_ad_join_required() AD join required due to…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • user auth - AD or Local or Both?

    Simon Denham
    Simon Denham
    Hello, New bloke here. I read a lot of How To do a thing in XGS, but not why... What would be the intended purpose of a duplicated Administrator Local User and AD user? Is it redundancy in case the AD is unavailable? Should the default administrator…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Complete Radius NPS Guide with EAP and certificate available?

    Cero01
    Cero01
    Hello everyone, is there a complete Guide available for setting up XGS and NPS with EAP and certificate authentication? We want to move on from a working EAP and MSChapv2 configuration because it is deprecated. i wonder, do i need to change…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Changing Active Directory server when using SSL VPN authentication

    GunnAdmin
    GunnAdmin
    Hi, I've got a question about AD/LDAPS integration. Here's a quick rundown of the situation: -I have a client with an XGS116 (SFOS 19.5.2 MR-2-Build624). -Employees are currently using the Remote access SSL VPN to log into an RDS server with the Sophos…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS Setting up LDAPS for authentication (Port 636) with Two DCs

    Rachel Salvadeo
    Rachel Salvadeo
    Hey all, I have a question that seems to not be addressed in any other related community forum I could find. I have two DCs, one of them being the Primary DC and the other being the Backup DC. Both DCs are replicating changes to each other. In the…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • sophos xg home to AD password/group synchronization

    Moeed Aziz
    Moeed Aziz
    Hi, I have Sophos home deployed in our network, with AD groups synced-in from AD server for user-based internet access. For a month or so now, when any users changes their domain user password, SSO (single sign on) does not work for them and they…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • SSO RADIUS for vpn portal & vpn connect client

    Mathieu Rojo
    Mathieu Rojo
    Hi, My client already use a radius server for authenticated they users. Actually, only the switch contact the radius. I would like to do the following but I don't know if it's possible: Est-il possible de configurer le portail VPN pour que l'utilisateur…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
>