Please add Information to FAQs for Active Directory users and groups
maybe I already asked for that.
Draft:
User groups imported from AD
+ Does the firewall resolve staggered / nested AD group memberships?
A: No. If you use staggered / nested groups (Make one group member of an other group) in AD, firewall will not resolve the memership of the sub-groups. You must import each of the staggered / nested groups using the import assistant.
See:
https://community.sophos.com/sophos-xg-firewall/f/discussions/137610/ad-authentication-nested-staggered-groups-not-working/511161
