Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 29 subscribers
  • Views 4840 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN with MFA push?

ken9000

Has anyone found a way to have XG VPN logins using MFA (OTP) send a "push approval" to a mobile device versus requring each user to login to the XG, scan the QR code, then manually append their password with that code? That process is fairly cumbersome for most users and requires a lot of hand-holding from IT.



This thread was automatically locked due to age.
Parents
  • 0

    I have upgraded my Sophos XG to V18 and it still not working.

     

    I can change now the timeout of the Radius server but when I try to connect to the SSL VPN using DUO MFA, it doesn't work. 

     

    When I put my credentials and click on connect, I receive DUO push and accept it, but after a few seconds I receive the credential window of the SSL client again. 

     

    When I check the logs of Radius server, I can see that the first and second authentication were completed but it seems that the firewall doesn't accept the response back from the Radius Server.

     

    Does anyone get it working that could help me on it?

  • 0 in reply to Sophos User2463

    Did you change the SSLVPN and IPsec Authentication Method on Authentication Service for Radius? 

    You need to login to the User Portal with Radius and use this Config file (own Cert). 

Reply Children
  • 0 in reply to LuCar Toni

    Hi LuCar Toni,

    I have tried to download the client using a user configured as Radius server but still not join. 

    I can see on the client VPN logs that we have a log of (AUTH FAILED), and then it shows the credential windows again. 

    As I said before, I can see on DUO logs that both authentication were success and the Radius server is sending response back to the firewall but it just doesn't work.

    Thank you!