
SSL VPN Radius with 2factor timeout

In Sophos XG, is there any way to increase the timeout for radius servers?

I'm having problems using SSL VPN authentication with radius when using 2-factor. If I bypass 2factor, I'm logging in fine.

If I enable 2factor, it seems to time out and I get a second credential prompt before I get to accept the first request, rendering my first request invalid.

I've seen this question before and the answer was that the timeout is hard coded. However, that was an old thread:

http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/2812151-authentication-configurable-radius-timeout

Maybe things have changed?




[locked by: FloSupport at 7:57 PM (GMT -7) on 25 Mar 2019]
  • Guido,

    If there is a nic opened, the feature is completely missing even from CLI.

    Hope they will give us when this will be implemented v16.5, v17....

  • This is now a very important requirement from a compliance perspective.  If I cannot get an answer on this, I may very well have to look at alternative solutions.

    Are there any updates?  I'm not sure how out-of-band radius authentication scenarios have not been considered.

  • What's the current status of NC-8393? When can we expect to see it in a release?

  • Hi there, is there any new information about the radius timeout issue? We would like to use Microsoft MFA, and in the case that the primary 2factor fails, the radius connection will be dropped by the XG Firewall while MS MFA tries to use the alternate 2factor (SMS or phone call, for example).

     

    Best regards, 

    Stefan

  • Please provide an update on this. It seems many of us are facing the same challenges and the only options are to change MFA provider or reduce our VPN security (neither of which are ideal).

  • Hi All,

    The feature is pending and unfortunately, v16 will not see the feature. We have a buffer full of feature requests and the developers will consider these requests on account of the votes they receive. Please cast your votes and raise a support case to push the development team to prioritize it. I'll start a group conversation for this request and try to prioritize it.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I hope that's not the only metric you're using to roll requests into future firmware updates. This seems like a critical bug, not a feature request. How do you get them reclassified? People can't even log in because there's no way to set the timer and your partners are losing business because of it. Relying on votes for this seems counterintuitive.

  • Can you point us to where to vote on this? I agree that this shouldn't even be in the "feature request" status. This is a fairly critical issue for many companies. For us it has prevented us from fully implementing the UTMs we purchased over a year ago. We have to "protect" them behind ASAs that can handle 2FA for things like VPN access. If we had known that something as basic as 2FA had not yet been fully implemented in the platform we likely would have chosen a different product. 2FA has become a standard, and it's not something that happened recently. OTPs are old school and not something that organizations want to force on their users if everything else in their environment can be logged into without the hassle.

     

    Just as a note, the only reason we've kept these around this long is because we keep being told that this basic functionality is coming out "any day now".

     

    I see here that it has been added in 9.5 but for some reason has not been done in the XG platform. https://community.sophos.com/kb/en-us/127334

  • Any word regarding whether the latest V17 release corrects this issue (2FA timeout)?  It doesn't appear to be listed specifically in the release notes, but still hopeful . . .

     

    Thanks

  • Where can we cast votes for this feature and get it moved up?  What is the escalation procedure?  This is a SOC 2 requirement for client VPN services and we cannot use the product.

    Thank you.