Add an Active Directory Server on Sophos XGS

Hi support,

I have a few questions on configure Active Directory authentication on my XGS.

I have followed the guide here:

Configure Active Directory authentication - Sophos Firewall

When I open the VPN portal, I cannot login using my AD user account?

If I add a new user in the AD, does it mean I have to import on the firewall all the time in order to use the VPN?

Isn't it setting the Primary authentication method to my_AD_Server is suppose to be able to authenticate with my AD already?



Edited TAGs
[edited by: emmosophos at 5:20 PM (GMT -7) on 18 Jul 2022]

Top Replies

  •  Hi TobLai

    No, new added user on AD user group not to be imported all the time.When you add a new user on existing group on AD, you don't have to import the user as user "group" is already imported on Sophos…

Parents
  • Hi TobLai

    Thank you for reaching out to the community, please verify you have check mark "User portal authentication methods"  AD under CONFIGURE-->Authentication-->Services as below, you can drag and keep AD on TOP

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Yes, it is marked as Set authentication methods same as firewall. In the login portal, do I have to type in the domain name at the front 

    Domain\TobLai or something?

  •  Hi TobLai

    Please login with AD user with username and password, if not able to login please share authentication logs under Log Viewer 

    Please make sure you have already imported the user group on Sophos XG, if you add user/s on same group on AD server it will get syn.

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Just on the other question:

    If I add a new user in the AD, does it mean I have to import on the firewall all the time in order to use the VPN? 

    Isn't it setting the Primary authentication method to my_AD_Server is suppose to be able to authenticate with my AD already?

  •  Hi TobLai

    No, new added user on AD user group not to be imported all the time.When you add a new user on existing group on AD, you don't have to import the user as user "group" is already imported on Sophos XG, user from same group will get syn on Sophos firewall and you can check by login the user on user portal or Captive Portal 

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply
  •  Hi TobLai

    No, new added user on AD user group not to be imported all the time.When you add a new user on existing group on AD, you don't have to import the user as user "group" is already imported on Sophos XG, user from same group will get syn on Sophos firewall and you can check by login the user on user portal or Captive Portal 

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children