In Sophos XG Firewall version 17.5, Synchronized User ID authentication was introduced. Synchronized User ID shares the domain user account information from the client machine a user is logged into with the firewall via Heartbeat. The firewall then checks the user account against the configured AD server and activates the user. Synchronized User ID only works with Active Directory configured as an authentication server in XG Firewall, and it is currently supported for Windows 7 and Windows 10 machines. No agents are required on the server or clients, and no password information is shared or used. Synchronized User ID does not work with other directory services, and it will not recognize local users.
Sophos Endpoint utilizes Windows logon information to authenticate against the Sophos XG Firewall, which in turn may be used to trigger user-based policies and general user authentication on the firewall.
Applies to the following Sophos products and versions: Sophos Firewall v17.5
The XG firewall Synchronized User Identity authentication process is described as follows:
If the client Heartbeat is lost or missing, the heartbeat daemon logs the user out of the firewall as a Synchronized User ID user; however, other client authentication mechanisms may still apply.
In the unlikely event that the Synchronized User ID feature becomes troublesome, Synchronized User ID authentication may be disabled with the following command:
service access_server:restart -ds nosync
Note: To re-enable Synchronized User ID authentication do the following:
The UPN must be identical to the sAMAccountName for the login to succeed, because the XG Firewall uses the sAMAccountName and not the UPN.
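Because the firewall matches on sAMAccountName while the Windows logon may use the UPN, accounts whose UPN prefix differs from their sAMAccountName will fail Synchronized User ID logon. The following PowerShell snippet is an added example, not from the Sophos article, that lists such mismatched accounts from Active Directory so they can be corrected before rollout. It assumes the RSAT ActiveDirectory module is installed and that the account running it can read user objects; the comparison of the UPN's user part (before the @) against sAMAccountName is the author's reading of the requirement stated above.

```powershell
# Added example (not from the Sophos KB article): report enabled AD users whose
# UPN prefix does not match sAMAccountName, since Synchronized User ID on the
# XG Firewall matches the logged-on user by sAMAccountName only.
Import-Module ActiveDirectory

$mismatched = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName, SamAccountName |
    Where-Object {
        # Users without a UPN cannot be compared; report them separately below.
        $_.UserPrincipalName -and
        ($_.UserPrincipalName.Split('@')[0] -ne $_.SamAccountName)   # -ne is case-insensitive
    } |
    Select-Object SamAccountName, UserPrincipalName

$noUpn = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    Where-Object { -not $_.UserPrincipalName } |
    Select-Object SamAccountName

Write-Host "Enabled users whose UPN prefix differs from sAMAccountName: $($mismatched.Count)"
$mismatched | Format-Table -AutoSize

Write-Host "Enabled users with no UPN set: $($noUpn.Count)"
$noUpn | Format-Table -AutoSize
```

Run it from a domain-joined management host; accounts that appear in the first table should have their UPN or sAMAccountName aligned (or be excluded from policies that depend on Synchronized User ID) before relying on user-based firewall rules for them.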