
Why doesn't the XG SSL-VPN client recognise a 3rd Party 2FA Authentication Confirmation?

When you ask the user to authenticate with an additional RADIUS server, directed at a 3rd party solution (for example SecurEnvoy, Swivel, Vasco), and the user strongly authenticates (i.e. username and password+passcode) which is acknowledged by the 3rd party solution as correct - the Sophos SSL-VPN client returns to the login screen with requests for Username and Password.

 

This looks like it is a timeout issue or suchlike that other firewalls can handle, or at least be configured to mitigate. Why can't the Sophos XG?



Edited TAGs
[edited by: emmosophos at 5:39 PM (GMT -7) on 2 Jun 2021]
  • Hi  

    This question was raised as part of this previous community thread and related to ID NC-8393 regarding making the RADIUS timeout configurable.

    As was mentioned in David's support case

    David Ballagh said:

    I have a further update and a correction from support:

    The fix for NC-8393 will be available in version 17.2 which is due to be released between September or October of this year (2018). Version 17.1 is coming out in the summer but won't have this feature. 

    As for the workaround provided, Google Authenticator is apparently one way to go but saying that the firewall could also be used was a typo. Instead the support engineer meant that One-Time Password could be used in place of multi-factor authentication. OTP can be used for WebAdmin, User Portal, SSL and IPSEC remote access.

    Along with your current support case, I would also advise raising this ETA inquiry with your Sophos Account Manager. 

    Regards,

  • We also had this unhelpful response:

    Hello Andy,

    Thank you for contacting Sophos support.

    Does this work when not using 2FA?

    If this is due to the time out then our developers are working to make this configurable in one of the next updates.

    I'm afraid I cannot give you a time frame on when this might be.

    Thank you.

    Regards, Sam [XXXXXXXXX] 

    Post modified to remove personal data of Sophos employees as indicated in accordance with Community Terms of Service and data protection law.

  • Hey  

    Sorry for this inconvenience,

    To supplement the engineer's response, your issue is likely related to this feature request (the engineer mentioned scheduling a remote session with him to confirm). An ID NC-8393 has been created for this, regarding making the RADIUS timeout configurable.

    I would advise raising this feature request and ID with your Sophos Partner, to further bring attention and priority for this.

    Regards,
