
Sophos XG Firewall VPN configuration for the LastPass Universal Proxy LDAP protocol

    This is a step-by-step description of how to configure Sophos XG Firewall VPN for LastPass Universal Proxy using the LDAP protocol, in order to set LastPass MFA as a secondary authentication method. The following steps cover the Universal Proxy-related settings.

    About this task:
    Note: Sophos XG Firewall handles incoming authentication requests in a single thread, so only one client can log in at a time. Increased waiting times can therefore be expected.

      Configure the LDAP server:

      1. Log in to the Admin Console, go to Configure > Authentication > Servers and click Add.
      2. In the Server type field, select LDAP server.
      3. Set the following fields:
        Server name: The name of the server.
        Server IP/domain: The IP address of Universal Proxy.
        Port: 389
        Version: 3
        Bind DN: The admin user name configured for LDAP authentication, in the following format: CN=Administrator,CN=Users
        Password: The LDAP admin user password.
        Connection security: Simple
        Base DN: The Base DN under which the users are located, in the following format: DC=domain,DC=country_code
        Authentication attribute: sAMAccountName
        Email address attribute: mail
        Group name attribute: Alias for the configured group name which is displayed to the user.
        Expiry date attribute: date
      4. Click Save.

      Set your server as the primary authentication method:

      1. Go to Authentication > Services.
      2. In the applicable authentication methods, set the following:
        1. In the Authentication Server List, select the server you configured.
        2. Move the server to the first position in the Selected Authentication Server list.
      3. Click Apply.
    Results: The Sophos XG Firewall VPN has been configured.
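
    The LDAP values entered in step 3 of "Configure the LDAP server" can be checked against Universal Proxy from an admin workstation before relying on them in the firewall. The script below is an added example, not part of the LastPass or Sophos documentation; it assumes OpenLDAP's ldapsearch is installed, `is_dn` and `ldap_check` are hypothetical helper names, and the host, DNs, user name and password file in the usage line are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check of the step 3 LDAP values with ldapsearch.
# Hosts, DNs, user names and file paths passed in are the caller's own;
# the ones in the usage line below are constructed placeholders.

# is_dn (hypothetical helper): simplified shape check for the DN formats the
# page shows, e.g. CN=Administrator,CN=Users or DC=domain,DC=country_code.
# It does not handle escaped commas inside values.
is_dn() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z]+=[^,=]+(,[A-Za-z]+=[^,=]+)*$'
}

# ldap_check HOST BIND_DN BASE_DN USER PWFILE (hypothetical helper)
# Binds as the admin user and looks the test user up by sAMAccountName.
# With DRY_RUN=1 it prints the ldapsearch arguments, one per line, and stops.
ldap_check() {
    host=$1 bind_dn=$2 base_dn=$3 user=$4 pwfile=$5
    is_dn "$bind_dn" || { echo "Bind DN is not in ATTR=value,... form" >&2; return 2; }
    is_dn "$base_dn" || { echo "Base DN is not in ATTR=value,... form" >&2; return 2; }
    # Allow only plain account names so the value cannot alter the filter.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "unexpected characters in user name" >&2; return 2 ;;
    esac
    # -x simple bind and -P 3 mirror "Connection security: Simple", "Version: 3";
    # ldap:// on port 389 carries the bind password without TLS.
    # -y reads the whole file as the password, so it must not end in a newline.
    set -- ldapsearch -LLL -x -P 3 -o nettimeout=5 \
        -H "ldap://$host:389" -D "$bind_dn" -y "$pwfile" \
        -b "$base_dn" "(sAMAccountName=$user)" sAMAccountName mail
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$@"; return 0; fi
    out=$("$@") || { echo "bind or search failed" >&2; return 1; }
    printf '%s\n' "$out" | grep -q '^sAMAccountName: ' ||
        { echo "no entry for $user under $base_dn" >&2; return 1; }
    printf '%s\n' "$out"
}

# Usage: sh ldap_check.sh 192.0.2.10 'CN=Administrator,CN=Users' \
#            'DC=example,DC=com' jdoe ./bind.pw
if [ "$#" -eq 5 ]; then ldap_check "$@"; fi
```

    A non-zero exit with "bind or search failed" points at the Bind DN, password, or reachability of port 389; "no entry" points at the Base DN or the authentication attribute.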