Using WAF and OTP are cousing session disconnects. The solution will come in release 9.4xx witch has no official release date. OTP is a paid extra service on the utm. Sophos is leaving me in the cold. We have spend a lot of money on the issue, and need to spend extra money on een alternative solution. Can we get compensation for these costs?
issue:http://sophos.com/kb/117759
Sometimes OTP authentication for WAF didn't work. When handling a client request, the current process has to have the data structure holding all known user sessions in it's memory. If this is not the case, no user session for the user currently being handled will be found and a new one will be initiated. During this initialization process, the user's credentials will be verified against AUA. In case of OTP this will fail since the user's client sent a session cookie containing a password with an old OTP token.
This thread was automatically locked due to age.
