Register Now


Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

How to configure CAA in sophos XG firewall


The Client Authentication Agent (CAA) is a lightweight agent for the sole purpose of authenticating users with the XG Firewall. Here in this article we will describe process to install client authentication agent to authenticate users with sophos XG firewall.


Please login to the firewall and click on authentication


Click on Client downloads

You can click on Download MSI or Download for windows and you need to click on “Download CA for MSI


You can also download CAA from the user portal as shown below

First log in to the user portal >> Click on Download client and then click on Download for windows

CAA client

Then create a firewall rule for users for authenticated users as shown below

Firewall rule

The above firewall rule indicates whoever the users are accessing internet they must be authenticated with sophos XG firewall.

Then enable the client authentication under Administration >> device access under specific zones as shown below and click apply.

Now we need to install the downloaded application and certificate.

To install the certificate type “certmgr.msc” in the run button in windows


The certmgr window will appear. Click on Action > All Tasks > Import. Follow the wizard and make sure to select the Sophos Client Authentication CA certificate that was downloaded and that it is installed in the Trusted Root Certification Authorities Certificate Store.


Now click on the application and login with the concerned credentials.

Hope this article helps you