Hi,
For a project I'm working on, it is required to allow remote users with company-provided laptops. These laptops are intended for business purposes only and should start a VPN to the in-house XGS firewall and block any direct connection to the Internet. Any network connection has to be inspected by the XGS.
Authentication of users will be done using Azure AD, both in the VPN and in the user login process... Can this be done? I mean, I need the computer to authenticate the user against Azure AD, but I don't want it to access any Internet resource until it is connected to the VPN and that traffic can be inspected by the firewall.
I appreciate your comments.
Hello Eduardo,
Thanks for reaching out to Sophos Community and hope you are well.
Kindly check out this thread from Microsoft Community that also asks the same use case and this likely leans toward the end machine configuration: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/is-it-possible-to-use-azure-ad-without-internet/m-p/313171#M5427
Please take note of these restrictions for your use case (if you are using Azure AD for user authentication aside from the Web Admin Console, this is not possible at the moment):
https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/Servers/AzureAD/index.html#role-and-group-mapping
Further, if you are still keen on what the Sophos Firewall feature might offer, I may also recommend reaching out to your local Sales Engineer/Partner or Professional Services, as this seems likely to be an implementation/deployment activity, and I believe they will be able to shed light on this use case from an implementation standpoint.
Hope this helps. Have a nice day and thank you for choosing Sophos.
Cheers,
Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
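The endpoint side of the requirement in the question (no direct Internet, everything via the tunnel to the XGS) can be expressed as a default-deny outbound policy on the laptop itself. The script below is an added example, not code from this thread, from Sophos, or from the Microsoft thread linked above; it uses only the built-in Windows Firewall cmdlets. It assumes, rather than takes from the thread, that the XGS public VPN endpoint is 203.0.113.10 (a documentation address), that the VPN client adapter is named "Sophos Connect", and that the VPN is IPsec (IKE on UDP 500, NAT-T on UDP 4500).

```powershell
# Added example (not from this thread): endpoint-side "VPN-only egress" policy for a
# managed Windows laptop, built with the Windows Firewall cmdlets.
# Assumptions, not taken from the thread: XGS VPN endpoint 203.0.113.10 (documentation
# address), VPN adapter alias "Sophos Connect", IPsec with IKE/NAT-T on UDP 500/4500.
# Run from an elevated PowerShell session.

$VpnGateway = '203.0.113.10'      # assumption: public IP of the XGS VPN endpoint
$VpnAdapter = 'Sophos Connect'    # assumption: interface alias of the VPN client adapter
$RuleGroup  = 'VPN-only egress (managed laptop)'

function Set-VpnOnlyEgress {
    # Idempotent: drop any rules this policy created on an earlier run.
    Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue | Remove-NetFirewallRule

    # Default-deny outbound on every profile. In Windows Firewall an explicit Block rule
    # beats an Allow rule, so "block everything else" is the profile default, not a Block
    # rule that would also swallow the IKE exchange to the XGS.
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

    # 1. The laptop still needs an address and a route on whatever network it lands on.
    New-NetFirewallRule -DisplayName 'Allow DHCP' -Group $RuleGroup -Direction Outbound `
        -Action Allow -Protocol UDP -LocalPort 68 -RemotePort 67

    # 2. Only the IKE/NAT-T exchange to the XGS itself may leave the physical adapter.
    New-NetFirewallRule -DisplayName 'Allow IKE and NAT-T to XGS' -Group $RuleGroup `
        -Direction Outbound -Action Allow -Protocol UDP -RemoteAddress $VpnGateway -RemotePort 500,4500

    # 3. Once the tunnel is up, everything is allowed, but only on the VPN adapter, so the
    #    XGS sees and can inspect every flow, including the Azure AD sign-in traffic.
    New-NetFirewallRule -DisplayName 'Allow all via VPN tunnel' -Group $RuleGroup `
        -Direction Outbound -Action Allow -InterfaceAlias $VpnAdapter
}

function Test-VpnOnlyEgress {
    # Verification: all profiles default to Block outbound and the three allow rules are enabled.
    $profilesOk = (Get-NetFirewallProfile | Where-Object DefaultOutboundAction -ne 'Block').Count -eq 0
    $rules      = Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue
    $rulesOk    = ($rules | Where-Object { $_.Enabled -eq 'True' }).Count -eq 3
    [pscustomobject]@{ ProfilesDefaultBlock = $profilesOk; PolicyRulesPresent = $rulesOk }
}

Set-VpnOnlyEgress
Test-VpnOnlyEgress
```

Two practical points follow from the policy rather than from the thread: the device must already be Azure AD joined and the user must have signed in once (so Windows holds cached credentials) before the default-deny is enforced, because the join itself needs to reach Azure AD directly; and if the tunnel negotiates ESP without NAT-T, an additional Allow rule for IP protocol 50 to the gateway is needed. In practice the same rules would be pushed by Intune or Group Policy rather than run by hand on each laptop.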