Hi there, I found a four years entry here in the forums where somebody asked why a member of the protected users group in active directory is not able to login to webadmin of the Sophos XG. This issue seems still to be existing. The protected users…

Hello Our client wants to limit access to his network, We installed and configured Sophos XGS2300 with web authentication, and the network has 3 VLANs . the challenge is that each time users roam out of the network, it requires them to sign in again…

Hi Sophos community, I'm having a issue for my Wireless router. I have created two rules: 1. Rule 1 for AD users to WAN In the above rule internet is allowed once user is authenticated via AD. Everything is working fine. 2. Rule 2 for Wifi router…

Hi, can anyone point me in the right direction on how i can setup Google LDAP on the Sophos Firewall for user login and identification? I have setup the LDAP on the Google Workspace, but i need to how to map the fields to Sophos Thanks Anto

Hi team, I'm reaching out regarding an issue I'm encountering while setting up Multi-Factor Authentication (MFA) with tokens on our Sophos Firewall. I have three administrators on the firewall. I've enabled the "Generate OTP token with next sign…

Referring to this thread discussion. MFA on web authentication When this setting is used, MFA is not prompted for client VPN users. VPN users can login with username and password only. No MFA required. When "No OTP" is changed to "Specific Groups…

Hello everyone, We are running into an issue where the SSL VPN client will drop a connection and then cause a DUO lockout after sending multiple auth attempts. Has anybody found a way to use DUO for SSL (via DUO Radius Server) that will not continually…

Hello, I dealing with this problem while trying to use external authentication via AD to manage ipsec user connections, i have created a group ou my AD for the users i want to permit access, on the fw on remote access i have give permission to this…

Hello, we are migrating a lot of customers from UTM to XGS/SFOS. With UTM the customers used AD SSO for authentication for web protection (different AD-groups and webfilter profiles). With UTM we never had any issue with AD SSO! Now with SFOS we ALWAYS…

Is it possible to configure SFOS to authenticate different users on different domains? My work has merged with another company. Network wise the two are joined. I've successfully added the 2nd domain server and a test connection is successful. …

Hello we are disbled NETBIOS / WINS for our Domain Network on client side. Since we did this we have problems to authentificate on our domaincontroller through VPN SSL. With VPN IPSsec all is fine. Also in LAN all is fine. Both, SSL and IPSec using the…

Hi, what is the status of this development, when is it coming? has sophos not yet understood how important this is for customers? the workaround that you send to people here in the forum does not always work properly either. we need a solutions, now…

Dear community, A deployed XGS 107, with the following configuration; Ports LAN and WAN Connected Gateway firewall -Routing & DHCP Enabled. Fails to show Live users ( data) whereas Live Connections are detected in the Network traffic. …

Hello, i'd like to report a possible bug without to make a case. We're using SFOS 19.5.3 MR-3, and tried to activate MFA for VPN or the userportal. Of five users, we had always two people who had problems with a OTP timestamp of more than 30 sec …

Hello, we use a XGS 2300 SFOS 19.5.3 MR-3-Build652 and I activated MFA for my account. When I login I can scan the QR code and I can see that a token is generated but everytime I log in it says that the QR code is unused and I should scan it again…

Our STAS users are added to Open Group instead of AD group. When using user portal users are added to the correct AD group. Any ideas why STAS users are not in the correct Group ? Can STAS run as non administrator account ? In STAS logs on DCs…

Dear Experts, We are using Sophos CAA (Client Authentication Agent) v2.0.1 to Authenticate our users for accessing the Internet, Now we're in the process of hardening our AD by implementing Microsoft Baseline Security policy on our Domain Controller…

We have activated the blocking function when someone had too many failed logins. While this is quite useful to block unwanted third-party login attempts, we sometimes have our own VPN users which fail to enter their password correctly or the TOTP. Is…

Hello, I have configured Sophos STAS on a new Active Directory domain. Everything works except the workstation polling via WMI. In the test utility I get an "access denied". in the event viewer of the workstation i have this error: Event 10036…

how do I remove a group member from the Sophos firewall authentication group? I can add members to the group and view group members, but I unable to delete.

Hi, Sophos is synchronized with Active Directory (AD), and when we disable a user's profile in AD, they should no longer appear in the Sophos user list. However, I noticed that some disabled users are still showing up in the Sophos user list. My question…

Dear Experts, I am configuring SMS gateway for guest users to access the Internet, our firewall firmware is on SFOS 19.5.2 MR-2-Build624, i am getting error "Response string:ERR_MOBILE"while Testing the connection please find the screenshot. can any…

I hope that I might be able to find an answer to my problem here. I have joined the Sophos XGS to the domain. The AD object looks good. The Sophos XGS name is configured with FQDN. Unfortunately I get this error message for Kerberos: "Cannot initialise…

We're using STAS and wanting to implement SATC for Terminal Servers Followed the documentation below, but now the system account is smashing the Authentication log with failures https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp…

Getting hundreds of these in the log for Authentication: Cannot establish NTLM authentication channel with Have read through all the other forum posts and they say to disable AD SSO in Device Access, but it's already…