Sophos XG Firewall VPN configuration for the LastPass Universal Proxy RADIUS protocol

This is a step-by-step description of how to configure Sophos XG Firewall VPN for LastPass Universal Proxy using the RADIUS protocol, in order to set LastPass MFA as a secondary authentication method. The following steps contain the Universal Proxy related settings.

About this task:

Note: Only Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) modes are supported by the service. Make sure that either PAP or CHAP is enabled and used.

Configure the RADIUS server:

Log in to the Admin Console, go to Configure > Authentication > Servers and click Add.
In the Server type field, select RADIUS server.
Set the following fields:

Server name

The name of the server.

Server IP

The IP address of Universal Proxy.

Authentication port

1812

Timeout

60

Accounting port

Blank

Shared secret

RADIUS shared secret, which is configured on the LastPass Universal Proxy.

Group name attribute

Alias for the configured group name which is displayed to the user.
Click Save.

Set your server as the primary authentication method:

In the applicable authentication methods set the following:
1. In the Authentication Server List, select the server you configured.
2. Move the server to the first position in the Selected Authentication Server list.
Click Apply.

Results: The Sophos XG Firewall VPN has been configured.