L2TP / AD - Sanity Check?

Hey M8ey 

The XG supports multiple protocols depending on what authentication server you are using. You will also need to set your configured protocol via the CLI.

Please refer to the following KBA's:

• Sophos XG Firewall: How to set the authentication method for L2TP or PPTP VPN users
• Sophos XG Firewall: How to configure an L2TP connection for Windows 10

Regards,

Hey Flo,

Got that far and I am authenticating the L2TP users with AD ok - I also had to change the XG Firewall to use PAP as default and then allow the windows 10 clients PAP

Not secure as PAP is unencrypted.

Why does the XG only support PAP to talk to AD?

Hey Flo,

Got that far and I am authenticating the L2TP users with AD ok - I also had to change the XG Firewall to use PAP as default and then allow the windows 10 clients PAP

Not secure as PAP is unencrypted.

Why does the XG only support PAP to talk to AD?

Hi M8ey 

This is currently a known issue (NC-8891) on the Sophos XG that our team is continually evaluating to address in a future release.

Regards,

Thanks for that.

I just made the bulk of my VPN users SSL-VPN instead of L2TP which is probably better anyways.

L2TP is quick and simple from iOS / Mac devices so will still get used.

Hopefully Sophos update the security on AD / VPN in a future release :-)