Sophos UTM9 - MFA Loop

Hello Sophos Community,

I have a problem with the Sophos UTM 9 firewall and the setup with MFA.

Key data:

- Sophos UTM 9 (SG230) - version: 9.713-19

- The OTP setting under Authentication Services is enabled

- Only one user was added for the test

- The setting Auto-create OTP tokens for users is set

- OTP is enabled for User Portal and SSL VPN

When the user logs into the portal (username+password), the prompt to scan the QR code appears in the next window. After scanning and clicking on the Continue with login button, I land again on the user portal and am asked to enter my login data again. I enter username+password again and attach the MFA code behind the password.

After logging in, I am asked to scan the QR code again. And now I'm in a loop. The problem also occurs when I log in with just a username+password or just append random numbers to the password.

In the WebAdmin portal, however, I can see under OTP token that the key for the user has been created automatically. I've already restarted the firewall and installed the latest firmware but unfortunately no improvement. Do you have another idea?

Kind regards

Kevin



This thread was automatically locked due to age.
  • Hi Kevin,

    Good day and thanks for reaching out to Sophos community and hope you are well.

    A few queries:

    -Kindly verify if you have followed all steps as per this kb: https://docs.sophos.com/nsg/sophos-utm/utm/9.708/help/en-us/Content/utm/utmAdminGuide/AuthServicesOneTimePassword.htm

    -Also, if possible, can you show the output of aua.log while encountering the issue? Under Shell, run: tail -f /var/log/aua.log

    -And may we verify what authenticator app you are using?

    Kindly let us know. Many thanks, have a nice day ahead, and thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • Hello Vivek Jagad, hello Raphael Alganes,

    Thank you for the message. I use the Google Authenticator app. Here is the excerpt from the aua.log:

    2023:01:17-14:32:13 remote aua[3775]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
    2023:01:17-14:32:13 remote aua[3302]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
    2023:01:17-14:32:13 remote aua[3302]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.0.10" host="" user="testuser" caller="portal" reason="DENIED"
    2023:01:17-14:32:47 remote aua[3775]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
    2023:01:17-14:32:47 remote aua[3375]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
    2023:01:17-14:32:47 remote aua[3375]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.0.10" host="" user="testuser" caller="portal" reason="DENIED"

    Kind regards

    Kevin

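As an added example (not from the thread and not Sophos code), a small Python parser for the aua.log lines quoted above that pairs each "OTP verification did not succeed" message with the id 3005 DENIED event logged by the same aua pid and flags repeated OTP failures per user and source IP, which is the pattern a loop like this produces. The field names come from the quoted lines; pairing by pid, the 5-minute window and the threshold of 2 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the six aua.log lines quoted in the thread.
SAMPLE_LOG = '''\
2023:01:17-14:32:13 remote aua[3775]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
2023:01:17-14:32:13 remote aua[3302]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
2023:01:17-14:32:13 remote aua[3302]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.0.10" host="" user="testuser" caller="portal" reason="DENIED"
2023:01:17-14:32:47 remote aua[3775]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
2023:01:17-14:32:47 remote aua[3375]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."
2023:01:17-14:32:47 remote aua[3375]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.0.10" host="" user="testuser" caller="portal" reason="DENIED"
'''

# "<timestamp> <host> aua[<pid>]: key="value" key="value" ..."
LINE_RE = re.compile(r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<kv>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Split one aua.log line into a dict of its key="value" fields plus ts and pid."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = dict(KV_RE.findall(m.group("kv")))
    ev["ts"] = datetime.strptime(m.group("ts"), "%Y:%m:%d-%H:%M:%S")
    ev["pid"] = int(m.group("pid"))
    return ev

def denied_logins(log_text):
    """Return id 3005 DENIED events; 'otp' is True when the same pid (assumed to be
    one auth attempt) previously logged the OTP verification failure message."""
    otp_pids, events = set(), []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev.get("id") == "3006" and "OTP verification did not succeed" in ev.get("name", ""):
            otp_pids.add(ev["pid"])
        elif ev.get("id") == "3005" and ev.get("reason") == "DENIED":
            events.append({"ts": ev["ts"], "user": ev.get("user"), "srcip": ev.get("srcip"),
                           "caller": ev.get("caller"), "otp": ev["pid"] in otp_pids})
    return events

def repeated_otp_failures(events, window=timedelta(minutes=5), threshold=2):
    """Map (user, srcip) -> count for OTP-related denials that cluster inside the window."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["otp"]:
            by_key[(ev["user"], ev["srcip"])].append(ev["ts"])
    return {k: len(v) for k, v in by_key.items() if len(v) >= threshold and v[-1] - v[0] <= window}
```

A cluster of OTP-related denials for one user from one source within a short window is what an enrolment or verification loop looks like in this log, as opposed to a single bad password.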
