• Do my NTP settings make a difference when authenticating via SSL VPN with MFA?

    newbie_IT
    Hello everyone, I apologize ahead of time in case none of this makes sense. I'll start with some background info. We implemented MFA not too long ago on our SSL VPN connections. Our Sophos XG is configured to use AD credentials to authenticate.…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • 2FA with AD-Groups

    LHerzog
    Hi, we have turned on 2FA for all our users for VPN and userportal. Currently each user has been added individually to "Multi-factor authentication (MFA) settings". By doing this we were most flexible. So far so good. Now we want to switch…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • 2FA + CAA on Linux or MacOS clients - poor usability

    LHerzog
    Hello, we have Linux with Sophos Antivirus and MacOS Clients with Intercept X installed. On the firewall we have many rules with userauthentication (and heartbeat) required. We enabled 2FA for many users to secure our SSL VPN. The users are required to…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Has Anyone Successfully setup MFA on their SSL VPN using a third party that can send push notifications instead of appending a password?

    LRJadmin
    We are in the stages of rolling out MFA on every connection possible with our clients, and the last step is the Sophos SSL VPN we use in conjunction with our XG firewalls and our identity provider OKTA. We have been looking to implement this for some…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • One account, one password with MFA on different phones

    stephang_01
    I have two independent users that use the same login and password. One of the users has installed the MFA QR code. I would like for the other user to have his own Authenticator. Is this possible?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How do we prevent Sophos Connect with MFA on Users from retrying once the timeout has passed?

    John Skadowski1
    Hello Sophos Community, We purchased the Sophos XG series to replace our use of Cisco ASA firewalls. We've been generally satisfied with the change. However, the last remnant to replace the ASA completely is User VPN access. The Cisco AnyConnect…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IKE VPN, AzureAD MFA, RADIUS, and Sophos Connect

    Marcel du Preez
    Hi I've configured AzureAD authentication, with MFA, through a RADIUS server and Windows Server NPS role (mostly thanks to this article: Sophos XG: Using Azure MFA for SSL VPN and User portal - Recommended Reads - Sophos Firewall - Sophos Community…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • how to temporarily disable 2FA requirement for one user?

    LHerzog
    Hi, in case a user forgot the token generator / smartphone at home. Is there a better way than to remove a user from Authentication / Multi-factor authentication (MFA) settings? Imagine you set One-time password (OTP) required for: All users…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG SSL VPN and Native AAD

    RobB @ SK
    Hi, I'm getting some pushback from management about having to sustain the ADDS option purely for VPN access with the XG units. Can anyone in Sophos shine a light at all on when we're going to see native AAD support for access control and MFA? Yes…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • ssl vpn multi factor authentication (mfa) in two steps

    Sophos22
    is it possible to have ssl vpn (remote access) with multi factor authentication in two steps? this means a further step in authentication process asking for otp? background: we would like to save user password in vpn client and only ask for otp each…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Reissue MFA Token for a user after a new mobile phone and authenticator

    Fred_B
    Sophos MFA secret keys are not restored when restoring a backup profile to a new mobile phone. In the past as XG administrator I could see the token and help the user to add it again to his phone. That is now no longer possible as I need an OTP to see…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to turn off MFA for User Portal while Generate OTP token with next sign-in is still ON?

    Nur Sakibul Huda
    Hi. We are interested in turning on Multi-factor authentication (MFA) settings for SSL VPN Remote Access. But whenever we turn it on, the OTP for User Portal is also turned on automatically and is greyed out. So we can't turn it off unless we turn off…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • 2FA-Token (OTP) for IPSec-RemoteAccess without SophosConnect Client

    nils50122
    Hello, we have the following problem. We need to ensure remote access for an external support company. For those 24/7 remote access we need mandatory any type of two factor authentication in IPSec. For internal home-office remoteaccess clients…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • MFA - Can't scan QR

    Stuart James
    Doesn't seem to be an option for "Can't scan QR code" which normally gives you a code you can enter to Authentication app to add manually. Even Microsoft has this ability on 365. Can this be added?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Turning off MFA

    David Harrison1
    Hi all, I'm leaving my current company in a few weeks, (and they don't have a replacement tech. just yet) I've been in to my two firewalls and disabled the MFA (OTP), so the next person can set up their own authenticator app when they start. Now…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • When could the support for Google Authenticator and Authy come for Sophos VPN via 2FA?

    Jokx
    How is it possible that Sophos is still not supporting Google Authenticator, Twilio Authy or any other more wide-scale used 2factor authentication apps? It is claiming to be RFC-compliant and stating that those apps are not? Or what is the problem…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • OTP for admin failing to create - couldn't validate the OTP token

    LHerzog
    After setting up a new XGS136 with 18.5 MR2 one of the first things I wanted to do is enable OTP for the admin user. I did this on other machines and it worked. Here, I have now tried to create the OTP about 20 times, it does not work. Every time…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Cannot Log in to User Portal After 2FA is Set Up

    JeffCooper
    Hi, I'm running some tests with 2FA. I got the app, QR code, and passcodes are being generated. They work when logging in to the VPN. But when I try to go to the user portal, I get a username/pw/captcha prompt, but no 2FA passcode prompt. And when I…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to find all administrators in webadmin? (second try)

    Jiri Hadamek
    I cannot determine "lost admins" - we have XG (SFOS 18.5.2 MR-2-Build380) In users console appears warning "Administrator accounts unprotected by multi-factor authentication: 8". But I cannot find such administrators. 2 of them are missing. I went…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Admin login - Login failed (for GUI only)

    JasP
    I can login to XG with my administrator account (which uses AD and DUO 2FA) but recently had an issue where I needed to use the admin account and found it didn't work. I don't usually use admin login so I'm not sure when this broke. The password is…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG User Portal One time password

    Kellen Salzman
    Hello I have been tasked with rolling out MFA and thus OTPs for all of my users when connecting to Sophos Connect/User Portal. I've sorted out how to have the one time password field show up for the Connect aspect, however I am curious if there is…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • DUO Authentication Help

    Kyle Hesser
    https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/124501/3-ways-to-setup-xg-18-with-duo-2fa Using this information, I followed the setup for DUO authentication for XG AD Server, DUO LDAP client and server, and it works. But, it seems…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Barcode for 2FA

    BerndFeist
    Hello, we think that we were able to access a user's barcode for 2FA when he lost it (e.g. exchange of phone, lost phone, ...). Has this changed recently as we don't find it on XG (SFOS 18.5.2 MR-2-Build380). Or is this only possible on Sophos SG Firewalls…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • MFA for SSL VPN but not for Captive Portal

    Levent Onen
    Hi, We have enabled MFA for our SSL VPN users, however that has meant that it has been enabled for the Captive Portal as well. We really do not want to have users authenticate to the captive portal with MFA, in fact we would really prefer an SSO solution…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Super admin disabled.

    imranimi
    Hi, I had mistakenly disabled MFA for super admin, after that I cannot log in with the admin account on the web portal. but I am able to log in CLI mode. Please find below. I sync the authenticator and it says "timeoffset successfully retrieved" but…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions