Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 1657 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Firewall in HA - How many computer accounts should you see in Active Directory

Marcel Micallef

Hi All,

We have 2 Sophos XG Firewalls setup in HA and using NTLM / Kerberos authentication.  

We notice that in Active directory there is only one firewall computer account showing and was wondering if that is ok or if there should be 2 accounts ( one for each firewall ).

If there should be one for each firewall then how does one go about it to create the second one ?

thanks



This thread was automatically locked due to age.
Parents
  • 0

    Just wanted to look into the general usage of Kerberos/NTLM: Why do you use it in general? I see a lot of UTM customers migrating to SFOS and seeing Kerberos as the "go to option" while there are other, maybe more suitable options out there. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    In my case, Kerberos is ideal it enables users to automatically authenticate to sophos without the need of any clients to be installed on the PC. Another thing is that with kerberos authentication you simple authenticate against the domain and as such on the domain controller there is no need to install any interface as well thus making it simpler in my opinion.

Reply
  • 0 in reply to LuCar Toni

    In my case, Kerberos is ideal it enables users to automatically authenticate to sophos without the need of any clients to be installed on the PC. Another thing is that with kerberos authentication you simple authenticate against the domain and as such on the domain controller there is no need to install any interface as well thus making it simpler in my opinion.

Children
No Data
Unfiltered HTML