product icon

Sophos XG Firewall VPN configuration for the LastPass Universal Proxy RADIUS protocol

    This is a step-by-step description of how to configure Sophos XG Firewall VPN for LastPass Universal Proxy using the RADIUS protocol, in order to set LastPass MFA as a secondary authentication method. The following steps contain the Universal Proxy related settings.

    About this task:
    Note: Only Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) modes are supported by the service. Make sure that either PAP or CHAP is enabled and used.

      Configure the RADIUS server:

      1. Log in to the Admin Console, go to Configure > Authentication > Servers and click Add.
      2. In the Server type field, select RADIUS server.
      3. Set the following fields:
        Server name
        The name of the server.
        Server IP
        The IP address of Universal Proxy.
        Authentication port
        Accounting port
        Shared secret
        RADIUS shared secret, which is configured on the LastPass Universal Proxy.
        Group name attribute
        Alias for the configured group name which is displayed to the user.
      4. Click Save.

      Set your server as the primary authentication method:

      1. In the applicable authentication methods set the following:
        1. In the Authentication Server List, select the server you configured.
        2. Move the server to the first position in the Selected Authentication Server list.
      2. Click Apply.
    Results: The Sophos XG Firewall VPN has been configured.