Please provide us feature to export the user details in a csv file

At present the Windows AD domain HAS to use the same domain name as your Google Apps. We have the correct information in our AD Attributes to match against Google but its not held in the "mail" attribute but instead in the "wwwHomepage" attribute.

My suggestion is to allow us to CHOOSE which AD attribute to use rather than forcing the domain to be the same name on Google and our Local AD.

This feature request is in response to the realization that the STAS Agent cannot establish encrypted LDAP communication to a backend eDirectory server.

Problem: It is not possible to set up the STAS Agent in eDirectory mode with an encrypted (port 636/tcp) LDAP connection. Only a plain text LDAP over port 389/tcp is supported at this time. (We wrote the year 2021 for all readers).

Function: Establish the configuration option and support encrypted LDAP communication to eDirectory server over port 636/tcp for the STAS agent of Sophos XG Firewall.

Salve, questa è la seconda volta che indichiamo che abbiamo molti problemi nell'utilizzare il servizio standard del Captive portal offerto per la connessione WIFI. In pratica ogni qualvolta viene inserità una password egnerata che contiene caratteri come ELLE oppure I in maiuscolo e minuscolo non si comprende bene cosa inserire. Questa cosa dà molto fastidio! Per favore correggete prima possibile il font o la metodologia soltanto numeri?

The firewall does not currently allow for connecting to LDAP servers with self-signed certificates.
When connecting to Gsuite LDAP the XG firewall tries to validate the certificate before calling the LDAP server. This validation fails since the certificates are self-signed by Google.

Secure RADIUS using EAP (Extensible Authentication Protocol) between RADIUS servers and the XG firewall (like PEAP-MSCHAPv2)

It is submitted that the user provide the facility of disconnect the live user himself by their User Access Portal that. Right now their are 2 facility is available in the firewall to disconnect the user (1 is by the Firewall Admin> Current Activities> Live Users> Disconnect & 2 is user login the same pc and logout himself. User needs to extra facility to disconnect himself from any PC by the User Access Portal.

It is submitted that the user provide the facility of disconnect the live user himself by their User Access Portal that. Right now their are 2 facility is available in the firewall to disconnect the user (1 is by the Firewall Admin> Current Activities> Live Users> Disconnect & 2 is user login the same pc and logout himself. User needs to extra facility to disconnect himself from any PC by the User Access Portal.

Based on case 03497881, Sophos doesn't think that having the surfing quota tied to the SSL VPN function is a bug even when SSL VPN is not used as the default Internet gateway. This should be changed so customers do not need to create separate user IDs for LAN usage and for SSL VPN login.

Radius connection from Sophos XG Firewall dosn't forward the IPv4 Attribute to our MFA system (test with other firewalls vendos do that)

We are using the RADIUS Attribute CALLING-STATION-ID (31) in our ENTRUST MFA solution.

In our setup users authendicate through RADIUS when connecting with remote VPN (Sophos Connect) - we can see the remote IP of the user in the firewall so the XG know it - but the IP not forwarded to the MFA solution

The IP is uses e.g. for risk management settings.

Sophos XG supports MAC binding for user authentication.
This is a feature used e.g. SSL VPN connections to identify devices.
Mobile devices with Android or iOS as operating system do not support sending the MAC, but instead the UUID.
Therefore I request adding this feature so we can identify corporate devices by UUID.

If you try to log in to the user portal with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that a MFA code needs to be appended to the password.

The current login form causes a lot of helpdesk calls because they don't realize ( or keep forgetting) that their MFA code needs to be inserted after their password.

With a SSL VPN client with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that a MFA code needs to be appended to the password.
The current login form is rather crude and causes a lot of helpdesk calls because they don't realize ( or keep forgetting) that their MFA code needs to be inserted after their password.
An upgraded form with logo that looks more professional would be my preference please.

We need to change default user password at first login and expiry policy or other easy way to change user password by themsalves.

Even if LDAP server authentication is configured, Sophos Connect users have to login to User Portal one time before connect thru VPN.
Connect's Users must be can connect without doing login to user portal before.

Regards

We are seeing issues with NTLM/Kerberos authentication where the device name is authenticating with Sophos XG vs the user. It seems to be that some Microsoft services are causing this and it is causing blocked web access.

Ideally, it would be nice to see an option made available where you can filter out or prevent Sophos from Authenticating computer objects/devices in AD, and only to authenticate user objects.

Allow Public Key authenication method for XG SSL VPN clients. It would also be a bonus if keypairs could be generated within the GUI rahter than CLI.

Hello Team,

We have a customer here requesting to have much more user friendly two factor authentication for Sophos Connect 2.0. The current 2FA on XG like appending a 6-digit code to a password to gain access is not user friendly. Requesting if possible for sophos XG to support a third party 2FA that is much more easy to use and no need to enter the token or one time password.

For your assistance please.

Thank You

Administrators should be able to require users passwords to meet certain password criteria/complexity, Character length, Case, numeric, special characters.