
SSL VPN Radius with 2factor timeout

In Sophos XG, is there any way to increase the timeout for radius servers?

I'm having problems using SSL VPN authentication with radius when using 2-factor. If I bypass 2factor, I'm logging in fine.

If I enable 2factor, it seems to time out and I get a second credential prompt before I get to accept the first request, rendering my first request invalid.

I've seen this question before and the answer was that the timeout is hard-coded. However, that was an old thread:

http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/2812151-authentication-configurable-radius-timeout

Maybe things have changed?




[locked by: FloSupport at 7:57 PM (GMT -7) on 25 Mar 2019]
  • I upgraded to v16 today as I was excited like a child about the news that it's been released.

    It wasn't really straightforward; I had to download and install the latest beta first to get it to see the GA update.

    After the upgrade I was eager to try out 2fa so I activated it on my radius server once again.

    To my horror 2fa failed again.

    I got the authentication request on my phone but before I had time to accept it, the ssl vpn client disconnected, timing out as usual.

    If I'm really fast, I mean really, really ready, with the 2fa app open and my finger hovering over the phone, I sometimes manage to authenticate before it times out!

    I'm guessing there still isn't any way to increase the radius timeout on the XG?

    Oh, and I'm pretty sure it's the XG, not the vpn client, that is the issue, as I'm getting timeouts on the user portal as well.

     

    Please, Sophos, you have to get this done right and soon, I have clients waiting for this stuff to work!

     

  • Hi Andrzej,

    Bit of an interesting one, what 2FA provider are you using?

    I'm not sure the XG has a configurable timeout and that feature request was for the SG UTM, not the XG so it may not be following it through.

    Emile

  • Hello Emile

     

    I'm using Duo, but I guess anything that delays the authentication reply the slightest will result in the same.

    Typically it takes 5-7 seconds from the moment I press login in the client till I press accept on my phone.

    We use Duo a lot and I'm really hoping Sophos will get this together.

    I really like the XG but I'm not going to recommend a UTM without working 2fa to my clients.

    Not being able to set a timeout for radius is just silly, especially when it seems to be so short by default.

    The model we use is pretty common I think:

    router->radius->2fa mechanism

    It just has to work, the people demand it.

     

    I've been playing with the client's config this evening, adding higher timeout values to available parameters, but that didn't help...