Maximum limit for authentication server is 20

Hello,


I reach out to all of you as we are in a really bad situation. We are hosting several customers with Active Directories and we just recently started migrating from UTM to XGS. Today we learned there is a maximum of 20 servers you are allowed to add as authentication services. UTM didn't have these restrictions. We reached out to the support and there is no solution for this, and there won't ever be a change to this limitation due to the fact that it's not how the majority of Sophos customers use the product.


We already tried using Active Directory trust to try out the possibilities but it didn't work out. Is there anyone maybe in the same boat? How did you solve that? Or is there anyone with an idea how to solve that?


Thanks!



  • So this limitation only affects customers with "a lot of domains". Talking about 20+ domains. Not many customers are really affected by this limitation due to the nature of "implementation". Meaning: per firewall site, there are not that many domains available. Most customers with 20+ domains also have a lot of sites, which makes a domain more or less also limited to one site. (For example, a customer bought multiple companies but those companies do not integrate with each other, so they do not really need all the domains on one firewall.)

    So to speak: I am wondering, what kind of "hosting" are you doing? Can you give us more details about this? Because due to the Sophos EULA, hosting may not be possible: https://www.sophos.com/en-us/legal/sophos-end-user-terms-of-use

    2.3 Restrictions. Except as specifically permitted in this Agreement, Customer will not (and will not allow an Affiliate, User, or third party to), directly or indirectly: (a) sublicense, resell, rent, lease, distribute, market, commercialize, or otherwise transfer rights to, or usage of, all or any portion of the Product, or provide the Product on a timesharing, service bureau, or other similar basis;

    So you are hosting this service of the UTM to sub customers? Because nowadays, you could do this by using SFOS in an MSP Term and per customer one firewall.

    Sub hosting a UTM also has some GDPR concerns, as you mix data between customers. GDPR/DSGVO was not a thing when many UTM partners implemented their solutions, but nowadays it needs to be re-evaluated.
