This article describes the steps to integrate Sophos Firewall with Active Directory (AD) for user authentication and access control.
When an AD user logs in to Sophos Firewall for the first time, the user is automatically added as a member of the default group. If the user's AD group exists in Sophos Firewall, the user is added as a member of that group instead.
All users must be authenticated by Sophos Firewall before accessing any resources it controls. The user sends the login request to Sophos Firewall. Sophos Firewall, in turn, authenticates the user by verifying the request against the directory objects that are created during the integration with AD. Once authentication succeeds, Sophos Firewall communicates with AD to get additional authorization data for access control.
The following sections are covered:
Applies to the following Sophos products and versions: Sophos Firewall
From Active Directory, go to Start > Administrative Tools > Active Directory Users and Computers. Right-click the required domain and go to the Properties tab.
Search queries are based on the domain name (DN). In this example, the domain name is sophos.com, so the search query is: dc=sophos, dc=com
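The mapping from domain name to search query described above, as an added example that is not part of the original article or of Sophos's own tooling: a Python sketch that derives the base DN from a domain name and checks that a search query belongs to that domain before it is entered on the firewall. The function names and every sample input except dc=sophos, dc=com are assumptions made for illustration, and whitespace around commas is treated as insignificant.

```python
import re

# RFC 1123 host label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def domain_to_base_dn(domain):
    """Map an AD DNS domain name to its base DN: sophos.com -> dc=sophos,dc=com."""
    labels = domain.strip().rstrip(".").split(".")
    if len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        raise ValueError(f"not a valid DNS domain name: {domain!r}")
    return ",".join(f"dc={l.lower()}" for l in labels)


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash-escaped commas."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        # Lowercased for comparison only; AD matches these case-insensitively.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def search_query_in_domain(search_query, domain):
    """True if the search query is the domain's base DN or a container beneath it."""
    try:
        rdns = parse_dn(search_query)
    except ValueError:
        return False
    dcs = [r for r in rdns if r[0] == "dc"]
    # All dc= components must sit together at the end of the DN.
    if not dcs or rdns[-len(dcs):] != dcs:
        return False
    return dcs == parse_dn(domain_to_base_dn(domain))


if __name__ == "__main__":
    # Constructed sample inputs; only the first is taken from the article.
    for q in ("dc=sophos, dc=com", "ou=Staff,dc=sophos,dc=com",
              "dc=sophos.com", "dc=sophos,dc=org"):
        print(f"{q!r:32} -> {search_query_in_domain(q, 'sophos.com')}")
```

A search query that fails this check usually points at a typo or a different domain, which would otherwise surface only as failed user lookups after the server is added.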
Go to Authentication > Servers and click Add to configure the Active Directory.
Go to Authentication > Services. Under Firewall Authentication Methods, select the recently added AD server as the primary authentication server.
Local server is selected as primary by default. Make sure that the recently added AD server is the first in the Selected Authentication Server list.
You can import AD groups in Sophos Firewall using the Import Group Wizard Help. Refer to Sophos Firewall: How to import Active Directory OUs and groups for detailed instructions.