Enabling 2FA for SSLVPN enables it for Client authentication Agent as well ???

Kandarp Desai1 this is a known limitation

https://community.sophos.com/products/xg-firewall/sfos-eap/v16/f/sfos-v16-beta-issues-bugs/78147/client-authentication-reports-bad-credential-if-otp-is-enabled/307608#pi2151=2

Vote the feature request

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/33679621-split-caa-from-user-portal-for-otp

Regards

Hey thanks for the reply. Were you able to make it work using Sophos Connect ? I spoke with the Sophos Presales team and they said we can make use of this Connect client which will have MFA only for VPN users and not CAA. If you have tried it do let me know thanks !

Hey thanks for the reply. Were you able to make it work using Sophos Connect ? I spoke with the Sophos Presales team and they said we can make use of this Connect client which will have MFA only for VPN users and not CAA. If you have tried it do let me know thanks !