Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 6 subscribers
  • Views 2534 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM9 - MFA Loop

phi IT-Services GmbH

Hello Sophos Community,

I have a problem with the Sophos UTM 9 firewall and the setup with MFA.

Key data:

- Sophis UTM 9 (SG230) - version: 9.713-19

- The OTP setting under Authentication Services is enabled

- Only one user was added for the test

- The setting Auto-create OTP tokens for users is set

- OTP is enabled for User Portal and SSL VPN

When the user logs into the portal (username+password), the prompt to scan the QR code appears in the next window. After scanning and clicking on the Continue with login button, I land again on the user portal and am asked to enter my login data again. I enter username+password again and attach the MFA code behind the password.

After logging in, I am asked to scan the QR code again. And now I'm in a loop. The problem also occurs when I log in with just a username+password or just append random numbers to the password.

In the WebAdmin portal, however, I can see under OTP token that the key for the user has been created automatically. I've already restarted the firewall and installed the latest firmware but unfortunately no improvement. Do you have another idea?

Kind regards

Kevin



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Raphael Alganes

    Hello Vivek Jagad, hello Raphael Alganes,

    thank you for the message. I use the Google Auth app. Here is the excerpt from the aua.log:

    2023:01:17-14:32:13 remote aua[3775]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
2023:01:17-14:32:13 remote aua[3302]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
2023:01:17-14:32:13 remote aua[3302]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.0.10" host="" user="testuser" caller="portal" reason="DENIED"
2023:01:17-14:32:47 remote aua[3775]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
2023:01:17-14:32:47 remote aua[3375]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
2023:01:17-14:32:47 remote aua[3375]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.0.10" host="" user="testuser" caller="portal" reason="DENIED"

    Kind regards

    Kevin

  • +1 in reply to phi IT-Services GmbH

    Hello,

    Good day and Thanks for sharing these details.

    please check SHA settings on under OTP if it is 265 or 512 and if Google Authenticator support such hash algorithm or falling back to SHA1, then try to change in UTM by changing SHA settings to match authenticator hash algorithm. 

    alike community thread reference that you can also refer to:

    -  Sophos SG UTM: OTP QR Code doesn't work 

    RE: Users cannot login with OTP 

    Hope this helps. Kindly let us know how it goes. Thanks for your time and patience and thank you for choosing Sophos.

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Raphael Alganes

    Hello Raphael Alganes,

    thank you for the message. I switched the hash SHA1 and now it works. :) many thanks for the help.

    Best regards

    Kevin

Unfiltered HTML