Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Authentication: Configurable RADIUS timeout

The RADIUS timeout setting is hardcoded, and can't be adjusted from the UI. Third part two factor authentication systems like PhoneFactor use "out of band" methods to complete authentication. Such schemes can take 20-30 seconds to complete an Auth. With the current hardcoded RADIUS timeout Astrado is not compatible with these solutions as the timeout needs to be set appropriately.

92 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Benjamin KatzBenjamin Katz shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    9 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • DanielDaniel commented  ·   ·  Flag as inappropriate

        I would also find this feature to be extremely useful. The ability to extend the RADIUS timeout would be an indispensable feature for those trying to integrate external dual factor authentication to the UTM's services such as WebAdmin, User Portal, VPN, etc...Andrew's suggestion seems to work, but it appears that you have to reset the change after some upgrades otherwise the timeout is too short again if using some sort of push authentication.

      • Andrew GAndrew G commented  ·   ·  Flag as inappropriate

        I have at least received this from Sophos Support:

        You may run: sudo vi /var/aua/AuaConfig.pm then edit the value for $radius_timeout.

        ***Please be informed that it is not adviseable to edit this settings and Sophos Support is not liable if in case there's an issue happened after updating this settings.***

        Doing this has stopped the timeout error but I haven't quite gotten it working, it only works when it's already cached the previous radius authentication

      • Radek HrubyRadek Hruby commented  ·   ·  Flag as inappropriate

        Hi Sophos, this has been requested back in 2012 - is it that hard to implement such a small change that might make your system compatible with many dual factor authentications???

      • jcgillettejcgillette commented  ·   ·  Flag as inappropriate

        I would like use two factor also with PhoneFactor with Microsoft Azur application

        Please can you add this functionality ASAP because other competing solutions have well this setting why not you ?

        Thanks

      • Anonymous commented  ·   ·  Flag as inappropriate

        I second this request. We are forced to have two factor authentication and PhoneFactor is pretty easy to roll-out.

      • Steve T.Steve T. commented  ·   ·  Flag as inappropriate

        I would really like to implement Phonefactor with our Sophos UTM but the timeout issue appears to be the only roadblock.

      • MARK-KDTMARK-KDT commented  ·   ·  Flag as inappropriate

        I second this request. Most of the tow factor authentication methods we have looked at are not compatible with the ASG. Our client base is moving towards two factor authentication.

      Feedback and Knowledge Base