Hi, We have setup proxy on client computer for the sophos xg and AD SSO in place and it just works fine; user starts browsing, gets seemlessly authenticated via AD SSO and surfs on... Now my organization wants to get rid of proxy settings, the traffic…

I wanted to share my observations regarding communication problems between STAS Agents and Collector. We have three domain controllers, one primary and two backup. I installed the nevest STAS application on each of them. One of them was launched in…

A customer is faced with a strange problem in the Sophos xgs Fw (v19) , After rebooting the firewall or the Active Directory server, certain users are no longer in their group . We add all the subnets to the STAS and log in to the user portal (The technical…

Hi, i have faced issue with STAS configure STAS in firewall and AD and check with user some user logout after 10 to 30 min and some user system are still are in stas. windows system are connected through stas-Windows 10 pro version-1809 os build…

Hi All, I have an XGS2300 and just updated from 19.0 to 19.0.1. Everything authenticates. Users can access remote access IPSEC, WiFi (through Radius), and User Portal. But I keep getting the message "Cannot establish NTLM authentication channel…

Hello, I have had a problem with duplicated users due to the use of an UPN suffix in Active Directory. The domain was created using a “.local” domain name. However, an UPN suffix was configured to allow the use of a public domain. This has meant having…

Dear, Some Windows 10 machines started to lose internet connection. I'm using STAS with Active Directory authentication. When the user logs in again to windows, the connection returns. Can anybody help me?

Hi, i have configured stas in DC and after configured user and connected through STAS and no login required i have created multiple groups with user rule in sophos.when user login to system i have checked the log its showing as per created rule but…

We have onclick protection enabled in Email Gatweay so e-mails with urls have a Sophos substitute url. OnClick Sophos checks the url and when found correct the browser is refered to the correct url. This works as intented. HOWEVER there is one user…

Hello, i would configure out Terminalserver Access with AD SSO authentication for multi-user hosts. I follow this article: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles…

We don't have have on-premise AD, need to integrate the firewall with Azure AD.\ We have IPSec tunnel connectivity between FW and AD.

Hello, I am struggling with NTLM issues (I am not using STAS and trying to use Kerberos) I think I have setup everything correctly. is there any detailed logs I can look at.

Remote STAS in bridge mode Hello guys. I'm approving an environment where we have sophos in bridge mode. The following scenario being evaluated. Office: router <-> sophos fw(l2) <-> switches Inside this office we have an AD with STAS, running…

Dear Community. due to the current not so transparent information I am looking for a supported way to allow users of an RDP session to apply firewall rules based on "Active Directory Groups" basis. This is to prevent that user 1 from group 1 can access…

Hi everyone, a customer where I recently deployed a Sophos XGS 136 is reporting that desktops are losing internet connection for 30 seconds and then returns normally, and that this is not for any specific desktop, but randomly. Is anyone experiencing…

Hi support, I have a few questions on configure Active Directory authentication on my XGS. I have followed the guide here: Configure Active Directory authentication - Sophos Firewall When I open the VPN portal, I cannot login using my AD user…

I am not sure where else to request a feature, so I am going to request it here. It would be nice to be able to tie an active directory group to an XG Admin rule. This way all the users in that AD group can login to the XG Firewall with admin permissions…

Hi, I have active directory configured and it works. Users can log in to the user portal, vpn, and wifi. Yay! But, the attributes for the display name and email do not pull over from the AD Server. Example: The user logs in with username The name…

When will Sophos come out with Support for SAML? The majority of the players out there do support SAML2, why is Sophos dragging its feet.

Hello all, We are facing several problems with STAS Logoff detection method - WMI after the lasted Windows updates mid of June. All computers are returned Access Denied when we execute WMI test over STAS. This is causing a big problem with discnnection…

to attribute traffic from remote desktop service host (windows server 2012 r2) to users we created a test implementation of SATC with sophos server protection. current issue: nearly all traffic is not assigned to user (username in log empty). but…

Hi Guys, Since I activated STAS on Sophos Firewall, sometimes for a small period of time, workgroup users that are using the captive portal, cannot login to the captive portal. In fact at this period, not only the captive portal but user portal, web…

hi all, under "configure > authentication > servers" ive added my domain controller to it but how do you manually "re-sync" it as ive just added another security group on my DC, ive added the group under group in sophos, called it the same name but…

Hi everyone, can Sophos perform user authentication in direct proxy mode? Captive Portal, SSO, Client Authentication and STAS are not meant. Since we have some applications that should be authenticated directly by Web Proxy. Through "basic user authentication…

In case someone has symptons with http websites that get ERR_CONNECTION_CLOSED When we apply Advaced Threat Protection, websites which uses http protocol (internal and external) are often ERR_CONNECTION_CLOSED. These http connections work good for 0-20minutes…