This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.502 Update causes Internet users cannot authenticate with active directory

SG-230 firewalls in HA configuration.  After upgrade to 9.502 users were unable to access the internet.  Kept prompting users for credentials.  Testing websites and users in the Policy Test page showed as working fine but it isn't.

Rejoined the firewall to the domain seems to have fixed it - for now.



This thread was automatically locked due to age.
Parents
  • We had the same issue after upgrading to 9.501-5, and I'm currently very aware to update to 9.502 - especially after reading your post.

    Rejoining the UTM into the domain worked for a short while, but the failure keept coming after about 45-60 minutes.

    Only Sophos could solve this problem with a hot-fix, which had to be installed by Sophos itself.

    Have a look at this thread regarding SSO for HTTP authentication.

    I just read the change log for the 9.502, and it seems like that the AD SSO problem isn't even mentioned.


    Good luck,
    Uwe

Reply
  • We had the same issue after upgrading to 9.501-5, and I'm currently very aware to update to 9.502 - especially after reading your post.

    Rejoining the UTM into the domain worked for a short while, but the failure keept coming after about 45-60 minutes.

    Only Sophos could solve this problem with a hot-fix, which had to be installed by Sophos itself.

    Have a look at this thread regarding SSO for HTTP authentication.

    I just read the change log for the 9.502, and it seems like that the AD SSO problem isn't even mentioned.


    Good luck,
    Uwe

Children
  • Isn't that this NUTM?

    NUTM-7960 [Web] Authentication issue after upgrade to 9.5 (kerberos)

    According to talex it has only slipped the mentionning in the change log, but is included: community.sophos.com/.../utm-9-502-soft-release

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

  • Hi

    Just to clarify a few points regarding 9.500/9.501. The main issues that users experienced regarding authentication in 9.500 and 9.501 were known as NUTM-7960 and NUTM-8110, support had been applying patches to resolve these in the short term. The recently released 9.502 includes the fixes for both of these issues so we would expect this to resolve the authentication problems in the majority of cases.

    9.502 has been put on general release as of yesterday so everyone should start to see this available in their GUI.

    Depending on the exact sequence of updates and reboots you may need to rejoin the UTM to the domain after upgrading to 9.502. To simplify things i would say the best course of action would be to install 9.502, rejoin the domain, then re-login all client users to enable AD SSO to work.

    If you do still encounter authentication issues after carrying out the above then contact Sophos Support with the following information:

    • Symptoms seen by the end user (e.g errors, auth prompts etc)
    • Are all or only some users affected
    • The mode of the proxy profile (standard/transparent)
    • Time/date and source IP of an example failed request
    • Either remote access enabled or the http.log

    This should give them a good starting place to identify and resolve any remaining problems

    Greg