Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=protected-browser-troubleshooting

Troubleshooting

Troubleshoot Protected Browser issues.

ZTNA and Protected Browser use case

Agentless RDP or SSH resource isn't added

Issue

Adding or editing an agentless RDP or SSH resource in ZTNA or in an application group in Protected Browser fails.

What to do

Make sure all users in user groups have a valid email address.

To check this, do as follows:

  1. Go to My Environment > Users & Groups > Users.

  2. Check the Email column.

    Email column.

  3. In your directory service, or in Sophos Central if you've added users manually, add a valid email address for users who don't have one.

Network unreachable or failed to make the connection

Issue

If ZTNA uses an identity provider (IDP) such as Okta or Entra ID, but the user signs in to Protected Browser with their Sophos ID or as a local user when accessing an SSH or RDP app behind a ZTNA gateway, authentication may fail with the "Network unreachable" or "Failed to make the connection" error messages.

What to do

If an IDP is configured in ZTNA, users must sign in to Protected Browser through the configured IDP when accessing SSH or RDP apps behind a ZTNA gateway.

Access issues

User can't sign in to Protected Browser

Issue

Signing in to Protected Browser fails for a user.

What to do

To resolve this, try the following solutions:

  • Check whether the user has access to Sophos Central Self Service Portal. Do as follows:

    1. Go to My Environment > Users & Groups > Users.

    2. Check the Role column.

      Role column.

      The Role column must show SelfService.

      Alternatively, you can click the name of the user in the table. If the user has access to Sophos Central Self Service Portal, the text under the profile photo will be SelfService.

      Role in the user page..

    To give Self Service Portal access, see Give Self Service Portal access.

  • Make sure the user's email address isn't associated with multiple Sophos Central accounts.

SSH access to a known host fails

Issue

When you're accessing a known host using an SSH client, you get the following error message:

"Host key verification failed"

This might happen when a server's key changes legitimately, for example, after a reinstallation.

What to do

To resolve this error, do as follows:

  1. Remove the host's old key from your device.

    This may vary based on the SSH client you're using.

    For example, in your SSH client, click Clear known host.

    Clear known host option.

  2. Accept the new key when you reconnect.