
Sophos XGS Setting up LDAPS for authentication (Port 636) with Two DCs

Hey all,

I have a question that seems to not be addressed in any other related community forum I could find.

I have two DCs, one of them being the Primary DC and the other being the Backup DC. Both DCs are replicating changes to each other. In the current environment, they are both set up to use LDAP for authentication in the Sophos XGS firewall, not LDAPS.

I am wondering if the AD CS server feature which is required for the Sophos XGS firewall to use LDAPS for authentication would have to be installed on ONLY the Primary DC and not both. 

Any guidance for this would be greatly appreciated.

Thank you!



  • Thank you for the guidance.

    I'm just going to share what happened when I implemented this because it seems to have worked.

    I installed the AD CS role on just the Primary DC, configured it, and then rebooted it to enable LDAPS. I tested LDAPS using ldp and it was working.

    I checked the Backup DC to see if the AD CS role was on it but it was not. However, running ldp to verify if LDAPS was enabled showed that it was.

    I configured both DCs in the Sophos firewall to use SSL/TLS with port 636 and it seems to be working when I tested connectivity for each DC from the Sophos firewall.
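
A way to repeat the ldp check described above against both DCs from a Windows host, as an added example that is not part of the original thread: it connects to port 636 on each DC and reports the certificate each one presents, including its issuer and expiry. The hostnames `dc1.example.local` and `dc2.example.local` and the function name `Get-LdapsCertificate` are placeholders.

```powershell
# Added example. Hostnames are placeholders; replace with your DCs' FQDNs.
$DomainControllers = @('dc1.example.local', 'dc2.example.local')

function Get-LdapsCertificate {
    param([string]$ComputerName, [int]$Port = 636)

    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($ComputerName, $Port)

        # Accept any certificate during the handshake so it can be inspected;
        # trust is evaluated separately below with X509Chain.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($ComputerName)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Chain result reflects the trust store of the machine running this
        # script, not the firewall's own CA store.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)

        # Subject Alternative Name extension (OID 2.5.29.17), if present.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

        [pscustomobject]@{
            Server       = $ComputerName
            Listening    = $true
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            SAN          = if ($san) { $san.Format($false) } else { '' }
            ChainTrusted = $trusted
            Protocol     = $ssl.SslProtocol
        }
    }
    catch {
        # Port closed, no certificate bound, or handshake failure.
        [pscustomobject]@{ Server = $ComputerName; Listening = $false; Error = $_.Exception.Message }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

$DomainControllers | ForEach-Object { Get-LdapsCertificate -ComputerName $_ } | Format-List
```

Comparing the `Issuer` and `NotAfter` values across the two DCs shows which CA issued each certificate and when each one will need renewal.
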

  • Thank you for sharing the detailed information for community users' reference on the steps taken. I am glad to hear that you managed to fix the issue based on the suggested steps.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
