XG already has 802.1x for AP authentications, but it can't be used as a client. Many ISP's (specifically AT&T) use 802.1x client on their supplied CPE with priority vlan 0 tagging to authenticate.
UTM can replace the vendor-supplied CPE by adding a wpa_supplicant, but you don't have the kernel-level control on XG as you do on UTM. Sophos would have to add this feature to XG.

I have XG330 box, user accounts available in google admin mail domain, I want to use the gmail accounts for authentication purpose. How can I add the Server Authentication to google domain?

These basic features will help to control over Users accounts.

These basic features will help to control over Users accounts.

Ideally, this would allow the administrator of the XG to set the precedent for client authentication requests received.
In our case we need to pass authentication details from our NPS server (RADIUS accounting) to the XG to authenticate a small subset of devices/users on the network (shared iPads) but want the computer login events (STAS) and user reported by agent to override this in an order that works for us.

As per Support case 9801435 I have been told that my customers issue with the HTTPS redirected authentication page not working in MS Edge Chromium is because its not supported. This browser has be released for a couple of weeks and should have been tested on the XG prior to this. I will have to tell my customer to use other browsers for the business until this is fixed which isn't ideal. Can a patch be rushed out to resolve this issue as I suspect more and more of your XG customers will be hitting this problem.

Currently we can configure SSL VPN users to login use AD authentication. It will be more convenient if can allow the user login support via Windows Internal CA. use the on-premise CA certificate for SSL VPN user authentication.

The SATC solution doesn't work on RDS/Citrix server in combination with the Sophos Central Endpoint with the Web Protection feature enabled.

Hardware OTP tokens are currently only supported with SHA1 algorithm on XG firewalls. An option like in SG to change the algorithm between SHA1/SHA256/SHA512 on a per-token base would be very useful.

Currently the network traffic policy in the firewall is useless because firewall access server do periodic authorization for the users every 3 minutes. Due to this users are able to download more data they want. Time for periodic authorization for user should be decrease or the feature of increase or decrease should be in dashboard.

Integrate Microsoft AzureAD for user identification for user based XG firewall web policies and reporting. I saw the request for Azure Directory Services which is not free. AzureAD is free with every Office365 tenant. Sophos Central has AzureAD sync, expand this to XG Firewalls as another Server or Directory as a Service model. Seams like this bridge is already half built.

Pleas add an option in Sophos XG Firewall to change simultaneous login ( captive portal / network client authentication) of group, i.e. any number of simultaneous login could be assigned to all members of a particular group at one go.

We have two Sophos XG firewalls and are setting up OTP 2FA with Sophos Authenticator. After scanning the barcodes for both, the Sophos Authenticator displays both accounts with the same default non-unique account name "Sophos SFOS." This makes it difficult to differentiate as to which token goes with which firewall.

Would it be possible to provide an authentication client form Linux running on ARM processors, so for example it would run on a Raspberry Pi. Only the CAA executable need to be cross-compiled within the current Linux client.

Thank you!

Trying to bring a client up to NIST standards. While MS_CHAPv2 is provided with a Radius Authentication server, and a command is available to set allowed authentication methods for VPN clients. The same cannot be said about authenticating the user portal/ firewall and admin access. XG firewall defaults to PAP with no command or capability to set allowed authentication methods. So we've just lost a nice XG feature set because of this issue. :-(

There are various requests to get MS_CHAPv2 working with AD authentication servers. Just bumping that feature request with this one as well.

I have a client that would like to have a feature where in he can delete live users in STAS in one click

Need ability to expire user accounts that exist solely on the XG appliance (vendor access to specific resources internally through SSL VPN)

we are creating free wifi zone at our Mall. In that regards we have used your device and we would like to suggest that currently your Login page is coming first and later on the registration page. Our suggestion is that the Registration page should come first so that user registers first and then the login poge should appear where they can login and use the service.