Hello,
I'm posting a question because I'm having trouble setting up an administrator account generated by the AD for firewall access.
My customer wants two of the AD users to be able to log into the firewall administration portal.
I have tried…
Hi,
in our small company we are using Sophos XG 135. I'd like to use RADIUS server for my VPN connections to verify user as AD integration only allows PAP and Radius allows MSCHAP v2. However, for the love of God, I haven't been able to make it work…
Hello,
i am trying to implement SSO for Azure AD users to XG firewall by heartbeat.
These are M365 Cloud Only Users . The Username is ex. john.doe@ourdomain.com . Heartbeat tells me that the user is johndoe, without the dot.
I guess that this is…
Currently running a XG430 19.0.
I am currently having trouble having my ad users being linked to the right group.
I have created some security groups on my AD, I have synced them up with the sophos firewall using query like this (ou=x,dc=x,dc=.…
How is it possible that Sophos is still not supporting Google Authenticator, Twilio Authy or any other more wide-scale used 2factor authentication apps?
It is claiming to be RFC-compliant and stating that those apps are not?
Or what is the problem…
Hello
I am using a RED 15w in my home office to connect to the company.
When I connect it directly to the Fritz Box I am able to do so and the Authentication against RADIUS is working.
WhenI connect through two devolo dlan550 and dlan650 this is…
Hello
A few days ago I started a trial of SFOS 18.5 as a Hyper-V VM, specifically to trial the Web Filtering feature.
Our users log on to Server 2012R2 Remote Desktop Servers.
I've followed the guides on the website to add an AD server along with…
Hello
I am trialling an XGS VM running SFOS v18.5.3 MR3.
I have setup AD Sync for users and groups. We will specifically be using AD groups to control web filtering.
Must all users first navigate to the user portal before the XG will place them…
Hi,
I'm currently evaluating the XG as a Replacment for our SG Cluster.
My Problem is that the NTLM and Keberos Authentication is not working and I'm redirected to the Captive Portal.
I tried to find a Logfile where the AD Join is logged but I ha…
Hi,
I'm setting up an XGS to authenticate wifi connections with WPA2 Enterprise to FreeRadius and OpenLDAP running on Ubuntu 20.0.4.
I know the LDAP part works because my VPN connections work.
Test Connection works in Authentication/Radius. So…
Hello,
So I performed an in place upgrade on one of our domain controllers from 2012 to 2019, so that I don't have to worry about demoting and promoting blah blah blah. Before I upgraded the second DC I wanted to make sure our users can still authenticate…
Good afternoon. I was able to set up my XG to accept Azure MFA for Portal and SSL VPN access using a Radius server. This seems to work brilliantly for users who use the Microsoft Authenticator app and push (Appreove/Deny) notifications.
We have a handful…
My topology is as the image above. I have an IPSEC tunnel between the branch office and head office. I have an AD server at the head office site. I want to configure Active Directory authentication on the XG at the branch office using the AD server at…
Hi all,
we have two XGS2300 running in active-passive-mode.
Firmware is SFOS 18.5.2 MR-2-Build380.
We have AD authentication configured and I have questions regarding the AD.
In the Sophos documentation ( docs.sophos.com/.../index.html) there…
I've a setup where we need machines to have a certain amount of access to the web while not authenticated/before login. (for deployments, remote tools, Azure AD login attempts) but we also need for the machine to use the web authentication if they try…
Hi All,
Recently one of our clients who have a server setup with a Sophos XG210 at their HQ have opened up a new branch that only has desktops and no servers. Machines are connected to a domain and a few of the users from head office have moved to the…
Authentication logs show the user is authenticated correctly
However when browsing, the web filter doesn't pick up the user, so therefore doesn't apply the right policies
Any ideas where to look?
Can anyone share complete details on SMS gateway response format. I had gone through docs. But documentation is not clear.
https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/GuestUserSettings…
So far I had gone through
https://support.sophos.com/support/s/article/KB-000038037?language=en_US
https://docs.sophos.com/nsg/sophos-firewallmanager/v17.0.0/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/SMSGWProfileEdit.html
Still…
Hello Community,
we have users which are allowed to authenticate via KERBEROS only. If this setting in AD set, the user cannot be authenticated from firewall to AD. If we disable this policy in AD the user will authenticated. For me it looks like…
Hi all,
I cannot remove an AD user from the users tab. This user has no firewall rule attached, nor is any VPN enabled, and no web policy active.
I am on version 18.5.2
csc.log shows this:
MESSAGE Mar 01 17:40:19Z [worker:26569]: {"request":{…
Hello,
My XG firewall is integrated with LDAP and I can login with the account from LDAP server.
I can see all users account when they are logged in ('user' tab). but I cannot see their group information that I assigned in LDAP server.
Is there…
Hello,
the AD authentication for the user portal and all other services is not working. I configured it according to this guide:
https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/de-de/webhelp/onlinehelp/nsg/sfos/learningContents/ConfiguringActiveDirectoryAuthentication…
Hello World,
Is it possible to configure Sophos XG to authenticate users for internet access once they sign in to their workstations?
If not is it possible to force the browser to re-direct the user to the network authentication portal?
Also, if…
Hi
We have setup AD authentication on our XG and imported a "VPN Users" AD group on to our XG. The VPN Users group is assigned to the SSLVPN.
If a user authenticates via the SSLVPN 2.1 client, a user is created in the "VPN Users" group on the firewall…