SG VPN User Network

On the SG we had an object called "User Group Network" which included all current SSL VPN connections for a specific group.

We used this a lot in firewall rules. Is there something similar on the XG? Or do I have to apply all firewall rules to the full VPN lease range?

  • Hello flomb,

    Thank you for contacting the Sophos Community!

    The "User Group Network" in the UTM is attached to Active Directory Users and Super Admins by default, which is basically a group.

    In the XG the default groups are Open Group, Clientless Open Group, and Guest Group.

    Since the XG is a zone-based firewall, in the firewall rule you always need to add the Source Zone, Source Network, Destination Zone, and Destination Network, and under Identity, check "Match known users" and select the group that you want to match this firewall rule.

    For example in the XG by default all users are part of the OpenGroup, so you could create a Firewall for VPN like this

    Regards,