Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 41 subscribers
  • Views 20562 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Migration from Cyberoam to Sophos

PrakashK

Hi

I have Migrated from Cyberoam CR100iNG to SFOS 15.01.0


1. We had AD connection with authentication loose and tight. But Now in Sophos, when ever I set user to particular group which we have created, but it goes back AD default Group.


I have tried several times changed and saved, again it goes back to default group.


2. When ever I have tried connecting to SSL VPN to connect. My user changes group to default Group.


Please advise

Regards

Prakash



This thread was automatically locked due to age.
  • 0
    Did this ever get resolved. We have the same issue occurring under the same circumstances.

    David
  • 0

    If you want users to be in a different group in CR when compared to AD then ensure that you've done loose integration with AD while adding the authentication server in CROS. If it still doesn't work then report it to CR support.

    However, if you have upgraded to SFOS then you'll need to move the user in AD to the right group. As SFOS only supports AD integration in tight mode as of now.

  • 0 in reply to AnuragSingh
    Thanks for your reply,

    docs.sophos.com/.../Cyberoam to Sophos Migration Guide.pdf

    looking at the SFOS / Cyberoam migration manual (page 15) I found this:

    Identity
    For integration with an Active Directory (AD) Server, Integration Type ‘Loose Integration’ has been
    discontinued. By default, SF Device will integrate with an AD Server with Tight Integration. If you have
    configured your AD Server with Loose Integration, on migration it will be converted to Tight Integration.

    I will contact support.
  • 0 in reply to DavidLester
    Yes - you are right. Loose integration option with AD is not available in SFOS. Thus, you'll need to move the user in AD instead of moving the user locally in Cyberoam database. You should request the support to find out if this feature is coming back in next release of SFOS.
  • 0 in reply to AnuragSingh
    The situation has been resolved, with a work around on the Active Directory.

    1) Follow the advice given in the Group membership behaviour with Active Directory, paying particular attention to the group order in SF.
    2) Adjust the grouping in the AD so that the group is matching to SF and the are no security issues.

    The SFOS not only adjusts the group from the AD but knows what other groups the user is in. If any of those groups match any 'deny website access' group in SF the deny will override the 'allow access group'
Unfiltered HTML