VPN with Authentication Active Directory with enumeration blocked

Hi.

Anyone has configured Sophos XGS SSLVPN with Active Directory Authentication on AD with enumeration blocked?

After configure Server on XGS I can authenticate and retrieve groups/users without problem... My problem appears when try to authenticate user on VPN Portal/User Portal/SSL VPN... By the logs I can see a failure on search with filter sAMAccouname=xxxxxxx and result on user not found.

This is caused by blocked user enumeration on AD.

Is there any way to configure a Sophos to authenticate on AD with this configuration?

Added TAGs
[edited by: Raphael Alganes at 11:47 AM (GMT -8) on 13 Nov 2024]

0 Vivek Jagad 9 hours ago

Hi Tecnologias Imaginadas ,

Thank you for reaching out to the community, can you share the screenshot of the config ? And have you created a separate group for SSL VPN Users ? And under the Firewall authentication have you selected the SSL VPN group and what's the standard group set to Open ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Tecnologias Imaginadas 9 hours ago in reply to Vivek Jagad

Do you want configuration of what? Active Directory Server?

Yes, 3 groups I need to separate VPN Users are imported to Sophos.

Authentication for all services except Administration is set to this AD Server.

For firewall this is the configuration

but this is nothing to do with SSLVPN!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Vivek Jagad 9 hours ago in reply to Tecnologias Imaginadas

Are the SSL VPN users part of the group selected in the above config ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Tecnologias Imaginadas 7 hours ago in reply to Vivek Jagad

All of SSL VPN Users are part of domain groups, one of them for SSLVPN usage, as users are domain users, not local users!. Is this answering to you question?

One more time I ask what is have to do with VPN Portal and SSLVPN Authentication?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel