• SSL VPN users password need to expire automatically after specific days

    Kiran Jedhe
    Kiran Jedhe
    Hi, Is there any option for ssl vpn user password will expire after specific days. Note:don't suggest AD.
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • sophos xg125 vpn client with smartcard authentication

    Udo Wack
    Udo Wack
    Dear community, In our company, logging in to the domain will only be possible with a smart card and without entering a password in future. In our case, this is a Yubikey 5. Is there any way to integrate the SSL VPN clients via smartcard? Kind regards…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • I am looking for assistance with IPSEC VPN authentication for On Prem Active Directory & Azure Entra

    hashtag
    hashtag
    I am looking for assistance with IPSEC VPN authentication for On Prem Active Directory & Azure Entra I have two use cases. Both involve the Sophos Connect Client and XG firewall v19.5 or later: 1. XG firewall appliance on premise with a MS Windows…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Windows Homedrive - mounting fails due to delayed firewall authentication

    LHerzog
    LHerzog
    When users have homedrives in Active Directory they fail to mount as network drive when the firewall rule to the sharing server has user authentication required. Also the login of the users is taking minutes, not seconds. This is because the user is not…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • OTP Issues with several users

    Quallensaft
    Quallensaft
    Hello, sice some days we have the problem that with some users (will be more and more) OTP auth is failing: -> oath_totp_validate() failed for tokenid xxxxxxxxxxxxxxxxxxxxxx with error The OTP is not valid - OTP was working fine all the time before issues…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Maximum limit for authentication server is 20

    Hydro4711
    Hydro4711
    Hello, i reach out to all of you as we are in a really bad situation. We are hosting several customers with active directorys and we just recently started migrating from UTM to XGS. Today we learned, there is a maximum of 20 servers you are allowed…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Client Authentication Agent issue with MSI package and the certificate

    Nick KEY
    Nick KEY
    Hi , I have a issue with the Sophos Client Authentication Agent the "MSI" File. If I deploy the Agent with MSI File, it installed it and I can run it, but I am getting the error with Certificate (I think the ClientAuth_CA.scc) file cannot be find. …
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • CCA not working behind another XGS and RED

    Dennis Kirschner
    Dennis Kirschner
    Hello, We use the Client Authentication Agent (CCA) for authentication when accessing our network. We use the client at various external locations which are all connected via RED. At one location (behind a Sophos UTM) this works without any problems…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • AD Domain join not possible

    Ben@Network
    Ben@Network
    Hi Community, I try to join a Sophos Firewall into our Windows domain but the domain join is not passible. I get this errors in /log/nasm.log: Jul 26 11:59:18.983130Z ha.c:30 is_ad_join_required [nasm] is_ad_join_required() AD join required due to…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • user auth - AD or Local or Both?

    Simon Denham
    Simon Denham
    Hello, New bloke here. I read a lot of How To do a thing in XGS, but not why... What would be the intended purpose of a duplicated Administrator Local User and AD user? Is it redundancy in case the AD is unavailable? Should the default administrator…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Complete Radius NPS Guide with EAP and certificate available?

    Cero01
    Cero01
    Hello everyone, is there a complete Guide available for setting up XGS and NPS with EAP and certificate authentication? We want to move on from a working EAP and MSChapv2 configuration because it is deprecated. i wonder, do i need to change…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Changing Active Directory server when using SSL VPN authentication

    GunnAdmin
    GunnAdmin
    Hi, I've got a question about AD/LDAPS integration. Here's a quick rundown of the situation: -I have a client with an XGS116 (SFOS 19.5.2 MR-2-Build624). -Employees are currently using the Remote access SSL VPN to log into an RDS server with the Sophos…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • User Authentication over S2S IPSec VPN

    CV_Sophos
    CV_Sophos
    We have currently have two locations, each with a XG330 v19.5.4 MR4 and an EPL fiber connection between them that has a S2S IPSec tunnel setup and a static route on both ends pointing to the other. Each FW is setup with the local DC for user authentication…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Entra ID SSO

    twister5800
    twister5800
    Hi, Running SFOS 20.0.1-MR1, have setup Azure/Entra ID for SSO I can: - Use the test button under the Entra account, it shows grren. - I can connect and import groups into the firewall from Entra - I can sign into the firewall I cannot…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS Setting up LDAPS for authentication (Port 636) with Two DCs

    Rachel Salvadeo
    Rachel Salvadeo
    Hey all, I have a question that seems to not be addressed in any other related community forum I could find. I have two DCs, one of them being the Primary DC and the other being the Backup DC. Both DCs are replicating changes to each other. In the…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • SSO RADIUS for vpn portal & vpn connect client

    Mathieu Rojo
    Mathieu Rojo
    Hi, My client already use a radius server for authenticated they users. Actually, only the switch contact the radius. I would like to do the following but I don't know if it's possible: Est-il possible de configurer le portail VPN pour que l'utilisateur…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • LDAP AD Sync - force new sync

    MM the Admin
    MM the Admin
    Hey, we have been using an ldap connection to sync usrs from our local AD to our XGS appliance. Since we're migrating, we have changed the UPN and mailaddresses of all users in our AD. Sadly sophos doesn't get that, therefore rules that match…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Firewall

    KYM
    KYM
    My WiFi access points are connected through XG135 firewall capitive portal by creating user credentials. All the users are getting " this net work is untrusted/unsafe" message. What could be the reason
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • AD SSO over Kerberos not working

    Brazzo
    Brazzo
    Hello, I have done a setup with a clsuet of 3300 appliances. For authentication I have configured an active directory domain controler, joined the domain, imported the groups and activated AD SSO on the zones. In Auth-Log the NTLM and Kerberos channel…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Guest Hotspot - Is there anyway to capture or enforce a username ?

    SimonGoode
    SimonGoode
    Hi We have a guest Wi-Fi allowing guest users the ability to login to a hotspot (password of the day) and access the internet. Is there a way to capture a username before they have access to the internet. I don't particularly want to have to create…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • NTLMv1 and SMBv1 still required for AD SSO on XGS6500 with 19.5.4 SFOS ?

    CiroDanise
    CiroDanise
    Hello, We use SSO AD Authentication (Windows Server 2022) for web clients in standard proxy mode and it works. As far as I know, for the XGS to join the AD, NTLM and SMB are required to works. Now we're in the process of hardening our AD and want…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Captive Portal re-authenticating users when roaming to different Unifi Access Points

    Temidayo Abayomi-Zannu
    Temidayo Abayomi-Zannu
    Good day, Sophos Captive portal has been enabled at our site and works but we noticed that if users move around the premises and roam to a different access point, they would have to reauthenticate using the captive portal. I had even set the signout…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Separate MFA field for admin portal login

    J_87586
    J_87586
    Hello, I use a password manager, 1Password, to fill my login credentials for the Sophos Firewall admin login page. I have MFA enabled for the admin users, which requires me to add an MFA code each time I login. This is great, and as expected. However…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Connect VPN password expired... not using AD for authentication

    Alex Glasener
    Alex Glasener
    Hello, we have a single remote user at our organization using the Remote SSL VPN group. We do not use AD to sync passwords or anything. they are just set by the Admin. He emailed me today saying that his password expired, and he can log-in to the VPN…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • Sync with AD

    Vânesson Santos
    Vânesson Santos
    Dear, I would like some help on how I can do this or if there is a way to do something in the following case: We have a client where his firewall is linked to AD, within his internal network, there are some employees who have access to VPN when they…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>