I have learned how to support UPN or multi UPN configuration with local Host / DNS registrations on the Firewall directly. I have configured that successfully on the firewall. Sophos Firewall: Authentication Multi UPN configuration But as written in…

I'd like to roll out SSLVPN to some of our users, but the password concatenated with the OTP code is very awkward.... You can't save the password, and you can't easily use a password manager either. Is there some way or 3rd party software that will…

This issue just started on Sunday, reoccurred just now. Remote VPN login times-out. I've narrowed it down to an issue with the FW connecting to AD. The "Test Connection" failed. A reboot of the FW fixes the issue (Both times). After reboot, the "Test…

Hi, im new in sophos firewall, we have office 365 user and what i want is when they will connect to our vpn they will use there office 365 username and password, for authentication. example sophos client or opnvpn connect

Hello, We are currently adding authentication via a Radius server on the firewall. Unfortunately, we always get the following message when testing. Does this mean that the username and password are wrong or is it due to the settings that are being checked…

Hello, We want to add a Radius Server on the XGS. Which entry must be stored for the item ‘Groupe Name Attribute’? Where can I find this attribute on the Radius Server? Thank You!

Hello everyone, We have imported groups from the AD on the XGS and now wanted to tidy up a bit and remove various AD groups from the firewall again. When trying to delete the groups we get the message: Thank You!

Hi. Anyone has configured Sophos XGS SSLVPN with Active Directory Authentication on AD with enumeration blocked? After configure Server on XGS I can authenticate and retrieve groups/users without problem... My problem appears when try to authenticate…

We have AD synced Groups. We use them for FW Rule permissions, SSL VPN access and MFA control on the Firewall. Now we have this scenario: User XY is member of these groups: Group A (used for a firewall rule) Group B (all members of the company,…

We use a lot of single user RDP sessions so I've configured STAS with Registry Read polling and it works except for two issues: - When the polling happens every three minutes, the live users for the RDP sessions drop out for up to 10 seconds. - If…

So, I wanted to post a bit of a rant here regarding an undocumented change to RADIUS authentication after SFOS 20.0.0 that has broken my DUO MFA implementation. For years I have had my users added from AD and I was able to pull multiple groups through…

Hi, I’m struggling to find documentation about how Active Directory SSO operates (as opposed to how to set it up). The kind of questions I have are… Is the initial browser authentication transparent, or does the captive portal appear for login? …

Good morning everyone. Since the function of a company depends on the LDAP query, I would consider it extremely important to receive a warning. If the LDAP query fails. The MTA then no longer checks users if the connection to LDAP is disturbed (it cannot…

Lots of posts about this. Here is an example. AD SSO - Cannot establish NTLM authentication channel with xxx Seems like the recommendation is to disable AD SSO in all zones. But what if we want SSO so we can log user web traffic? Why might we want…

hi, i have XGS2100 (SFOS 20.0.2 MR-2-Build378).very wired issue is being faced. i am using STAS for user authentication. user rule is down in the rules. on top of all i have created rule in which i added mac address of few users. this rule is not working…

Hi all, we are using XG firewall and using STAS authentication for user internet access. we are facing issue with outlook and teams application this application getting discounted frequently, but that time internet is working fine with the system…

Hi all, I have a problem with - at the moment reportedly - two users. They can establish a VPN connection successfully and every works well. However after sometime the username information gets lost, i. e. the username field in the log is shown as empty…

I would like to change my STAS configuration to use a dedicated service account. I am following the guidance here - https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=authentication-STAS-transparent However…

If you are not registered in Active Directory, you cannot access the internet. How can I do it?

Hello, I am trying to use Authentication Policies for one of our Web Servers to restrict access to members of three specific Active Directory groups. When the user logs in, the authentication log shows a successfull login, but the site just reloads…

After changing the authentication mechanism to AD sso Kerberos authentication. The client machines are getting additional popup for the browser authentication, so that internet traffic will be allowed. We have tried by adding the hostname in internet…

Hello Sophos Community, first of all everything worked with STAS the last months without any problems.This week starting from monday on we are experiencing random disconnects on our STAS backend (it seems). It hits several live users randomly. They…

Hello, I have a problem with a user who belongs to several groups in my Active Directory. Two of these groups are present in my XGS. However, the user on the XGS is only a member of one group, and for organizational reasons I don't want to use this…

Hello everyone, I have issue with Sophos XG firewall running SFOS 19.5.4 MR-4-Build718 configured for authentication via RADIUS server running on Windows Server (NPS service) with Azure MFA extension. We use it for MFA for VPN users. It works fine except…

Hi, Is there any option for ssl vpn user password will expire after specific days. Note:don't suggest AD.