We currently have two locations, each with an XG330 v19.5.4 MR4 and an EPL fiber connection between them that has a S2S IPSec tunnel set up and a static route on both ends pointing to the other. Each FW is set up with the local DC for user authentication…
Hello, we have a single remote user at our organization using the Remote SSL VPN group. We do not use AD to sync passwords or anything. They are just set by the Admin. He emailed me today saying that his password expired, and he can log in to the VPN…
Hi,
What is the status of this development, when is it coming? Has Sophos not yet understood how important this is for customers?
The workaround that you send to people here in the forum does not always work properly either. We need a solution, now…
I recently worked through a problem where an on premise firewall was unable to authenticate Remote Access VPN users with Active Directory as the server is hosted in Azure through a VPN (Active Directory is used instead of AAD as it's less expensive to…
Hello all,
We have a problem with one of our software applications. We are using SFOS 19.5.0 GA-Build197. The software needs to connect to a remote server which is only available via site-to-site VPN. The connection is configured and is working (green…
I have an XGS116 appliance and Microsoft 365 licenses. I would like to config SSL VPN with Microsoft 365 license authentication to access the on-premise network. Please help to config.
I have my XG set up with both local VPN users and 1 user (mine) authenticating via AD. I've imported the AD OU named Staff where this 1 user resides.
I have a new employee coming on, so I created his domain account in the Staff OU. I then logged into…
Hello,
We have an XGS 2100 (SFOS 19.0.1 MR-1 Build365) and we tried to configure (without luck) SSL Authentication using a Windows Server Radius.
We always get "authentication failed" using "test connection" button (I know that pap must be enable…
I have an SSL certificate from GoDaddy that I am trying to import into the XG 230 firewall. It wants the private key in a .key format which GoDaddy is only giving me a .crt format. The certificate key is in .p7b format which works just fine it appears…
Hello,
Looking for guidance here with VPN and certificate authentication.
We have a client that requires we implement certificate based secondary authentication for the VPN. We currently use LDAP authentication to AD and they want to use certificates…
I have setup AD authentication to our XG for Sophos Connect, everything is working well (users auto import when connecting to the user portal and VPN connects no problems).
Is it possible to restrict User Portal/VPN Connections to a particular security…
Hello all,
I have a kind of new XG firewall, switched from a UTM software based system.
I see now in the authentication logs that there are password and user guessings all the time to try to connect to the VPN system.
Are there any hardening suggestions to…
Support is indicating that they do not support x509 Authentication (Certificate or SmartCard) for remote authentication users to an IPSec Tunnel. Has anyone successfully enabled an IPSec tunnel for remote users to authenticate with a certificate or smartcard…
Hi Sophos community,
I've got some problems with an IPSEC site to site VPN.
My setup is :
Site 1, head office : XG135, lan 192.168.1.1, network 192.168.1.0/24, domain controllers at this location. Multiple branch offices, all linked with IPSEC…
Hi all,
My organization is using an XG210 FW. Users are connected from outside through PPTP VPN and use the internet. We want those PPTP VPN users to go through the captive portal.
How can it be done? Please suggest!
TIA
We are setting up a new MFA VPN in our organization, and many people in the company already use Google Authenticator, so we'd like them to be able to use that. However, authenticator reports that the data in the QR code is invalid. (It accepts the code…
Hi, I have tried opening a support ticket as well as searching on these forums but I cannot seem to get a straight answer. I'm using an XG450.
With Covid making work from home mandatory for a lot of employees, management is now asking me to produce…
Hello Community,
I am fairly new to the world of Sophos and I started with setting up a Firewall XG (SFOS 18.0.3 MR-3) for my extended home network. As I have multiple locations with VPN-Clients and different rules how they use my services I set up…
I have a network with ~150 connections and with client-to-site vpn every new connection requires the import to be reconnected after our new associates leave our main campus. I just took over this network about 4 months ago and am still learning about…
Long story short, we have a user with an outdated phone that they refuse to upgrade, but still want access to our SSL VPN with OTP. Can't get the sophos authenticator or Google authenticator. They are the type that would still have a flip phone if they…
Hi Gents,
I have 2 questions today for you.
1. I'm setting up an SSL server for a bunch of users here. Department requiring access to specific resource. Most of the users are Ubuntu and other Linux users with few Windows users.
- Windows users…
Good Evening,
I recently joined a team and started up our own MSP. One of the clients we took over is using a Sophos XG210 (SFOS 17.0.3 MR-3). I am not real familiar with Sophos, though this same unit died and was RMA'd largely in part due to someone…
I am able to successfully authenticate to the user portal. However I am unable to connect to the clientless access connection. I get the below error:
Error: Protocol Security Negotiation Failure
I created the firewall rule for vpn access but…
Hello,
I have an XG in a branch office with a VPN tunnel to the main office with any-any rules both ways, main office has a UTM with the AD servers, STAS is already configured there.
The fixes for the broken XG net to net VPN functionality are also…