Dear All
Is there any way to get the OTP for the users in the firewall from external server ?
Hi Hesham Mahmoud1
Thank you for reaching out to the Community!
Do you mean the AD server when you say users from the external server?
If so, you can enable OTP for your AD users for services like Web Admin, User Portal, SSL VPN remote access, and IPsec remote access logins.
Follow this document for more info: http://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/learningContents/ConfiguringTwoFactorAuthentication.html
Thanks,
yeah how can i do that
You will have to integrate your AD server with the XG firewall and import OUs and groups.
I donot think you got my question .
I have an FreeIPA server and i want you use it to generate OTP for the users in the firewall how can i do that
There are two different scenario to integrate OTP.
One is using the internal OTP service, which is a TOTP Service (https://tools.ietf.org/html/rfc6238).
The other is by using a Radius server, which supports OTP. https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7
You would actually talk to your Service as a authentication service, this will review your request and grant/deny the access.
Yes this what i want to do but how can integrate it with sophos as example :
i have admin user in my sophos xg which called john i want the OTP for john to come from the FreeIPA
you need to start with your solution and integrate a Radius first. After the radius service exists, you simply put a Radius Server in XG. Thats it.
It is quite simply on XG End.
https://community.sophos.com/kb/en-us/123164
I cannot tell you what to do on your Radius end. The link i provided earlier could be the solution, as this sounds like a common requirement for your solution.
