Dear community, In our company, logging in to the domain will only be possible with a smart card and without entering a password in future. In our case, this is a Yubikey 5. Is there any way to integrate the SSL VPN clients via smartcard? Kind regards…
I am looking for assistance with IPSEC VPN authentication for On Prem Active Directory & Azure Entra
I have two use cases. Both involve the Sophos Connect Client and XG firewall v19.5 or later:
1. XG firewall appliance on premise with a MS Windows…
When users have homedrives in Active Directory they fail to mount as network drive when the firewall rule to the sharing server has user authentication required. Also the login of the users is taking minutes, not seconds. This is because the user is not…
Hello, since some days we have the problem that with some users (will be more and more) OTP auth is failing: -> oath_totp_validate() failed for tokenid xxxxxxxxxxxxxxxxxxxxxx with error The OTP is not valid - OTP was working fine all the time before issues…
Hello,
I reach out to all of you as we are in a really bad situation. We are hosting several customers with Active Directories and we just recently started migrating from UTM to XGS. Today we learned, there is a maximum of 20 servers you are allowed…
Hi ,
I have an issue with the Sophos Client Authentication Agent, the "MSI" file. If I deploy the Agent with the MSI file, it installs and I can run it, but I am getting the error with the certificate (I think the ClientAuth_CA.scc) file cannot be found. …
Hello,
We use the Client Authentication Agent (CCA) for authentication when accessing our network.
We use the client at various external locations which are all connected via RED. At one location (behind a Sophos UTM) this works without any problems…
Hi Community,
I try to join a Sophos Firewall into our Windows domain but the domain join is not possible. I get these errors in /log/nasm.log:
Jul 26 11:59:18.983130Z ha.c:30 is_ad_join_required [nasm] is_ad_join_required() AD join required due to…
Hello,
New bloke here.
I read a lot of How To do a thing in XGS, but not why...
What would be the intended purpose of a duplicated Administrator Local User and AD user?
Is it redundancy in case the AD is unavailable?
Should the default administrator…
Hello everyone,
is there a complete Guide available for setting up XGS and NPS with EAP and certificate authentication?
We want to move on from a working EAP and MSChapv2 configuration because it is deprecated.
I wonder, do I need to change…
Hi, I've got a question about AD/LDAPS integration. Here's a quick rundown of the situation:
-I have a client with an XGS116 (SFOS 19.5.2 MR-2-Build624). -Employees are currently using the Remote access SSL VPN to log into an RDS server with the Sophos…
We currently have two locations, each with an XG330 v19.5.4 MR4 and an EPL fiber connection between them that has a S2S IPSec tunnel set up and a static route on both ends pointing to the other. Each FW is set up with the local DC for user authentication…
Hi,
Running SFOS 20.0.1-MR1, have setup Azure/Entra ID for SSO
I can:
- Use the test button under the Entra account, it shows green.
- I can connect and import groups into the firewall from Entra
- I can sign into the firewall
I cannot…
Hey all,
I have a question that seems to not be addressed in any other related community forum I could find.
I have two DCs, one of them being the Primary DC and the other being the Backup DC. Both DCs are replicating changes to each other. In the…
Hi,
My client already uses a RADIUS server to authenticate their users. Actually, only the switch contacts the RADIUS server.
I would like to do the following but I don't know if it's possible: Is it possible to configure the VPN portal so that the user…
Hey,
we have been using an LDAP connection to sync users from our local AD to our XGS appliance.
Since we're migrating, we have changed the UPN and mail addresses of all users in our AD.
Sadly Sophos doesn't get that, therefore rules that match…
My WiFi access points are connected through XG135 firewall captive portal by creating user credentials. All the users are getting a "this network is untrusted/unsafe" message. What could be the reason?
Hello,
I have done a setup with a cluster of 3300 appliances.
For authentication I have configured an Active Directory domain controller, joined the domain, imported the groups and activated AD SSO on the zones.
In Auth-Log the NTLM and Kerberos channel…
Hi, we have a guest Wi-Fi allowing guest users the ability to log in to a hotspot (password of the day) and access the internet. Is there a way to capture a username before they have access to the internet?
I don't particularly want to have to create…
Hello,
We use SSO AD Authentication (Windows Server 2022) for web clients in standard proxy mode and it works.
As far as I know, for the XGS to join the AD, NTLM and SMB are required to work.
Now we're in the process of hardening our AD and want…
Good day,
Sophos Captive portal has been enabled at our site and works but we noticed that if users move around the premises and roam to a different access point, they would have to reauthenticate using the captive portal. I had even set the signout…
Hello,
I use a password manager, 1Password, to fill my login credentials for the Sophos Firewall admin login page. I have MFA enabled for the admin users, which requires me to add an MFA code each time I login. This is great, and as expected. However…
Hello, we have a single remote user at our organization using the Remote SSL VPN group. We do not use AD to sync passwords or anything. They are just set by the Admin. He emailed me today saying that his password expired, and he can log in to the VPN…
Dear,
I would like some help on how I can do this or if there is a way to do something in the following case:
We have a client where his firewall is linked to AD, within his internal network, there are some employees who have access to VPN when they…