Sync with AD

Dear,

I would like some help on how I can do this or if there is a way to do something in the following case:

We have a client whose firewall is linked to AD. Within his internal network, there are some employees who have access to the VPN when they are at home office. When they return from vacation, he changes AD and removes the group that has access to the VPN, so that these employees keep internal access and lose access to the VPN. However, when he does this, the employee who had their VPN access permission removed still has access to the portal and still has permission to connect to the VPN. Blocking only occurs when the user is disabled or removed from AD. Is there any way to perform this blocking or verification with AD when Sophos synchronizes?

The equipment is an XG210 in version 19.5.3.



This thread was automatically locked due to age.
  • Hello, if the user is removed from the group in AD, he remains in the group in the firewall... have I understood that correctly?
    Is the VPN group the user's only group in the firewall?
    Since every user has to be in at least one group, that could be the reason.
    I would try adding another AD group. I can't test it myself until next week.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
