Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 41 subscribers
  • Views 20561 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Migration from Cyberoam to Sophos

PrakashK

Hi

I have Migrated from Cyberoam CR100iNG to SFOS 15.01.0


1. We had AD connection with authentication loose and tight. But Now in Sophos, when ever I set user to particular group which we have created, but it goes back AD default Group.


I have tried several times changed and saved, again it goes back to default group.


2. When ever I have tried connecting to SSL VPN to connect. My user changes group to default Group.


Please advise

Regards

Prakash



This thread was automatically locked due to age.
Parents
  • 0

    If you want users to be in a different group in CR when compared to AD then ensure that you've done loose integration with AD while adding the authentication server in CROS. If it still doesn't work then report it to CR support.

    However, if you have upgraded to SFOS then you'll need to move the user in AD to the right group. As SFOS only supports AD integration in tight mode as of now.

  • 0 in reply to AnuragSingh
    The situation has been resolved, with a work around on the Active Directory.

    1) Follow the advice given in the Group membership behaviour with Active Directory, paying particular attention to the group order in SF.
    2) Adjust the grouping in the AD so that the group is matching to SF and the are no security issues.

    The SFOS not only adjusts the group from the AD but knows what other groups the user is in. If any of those groups match any 'deny website access' group in SF the deny will override the 'allow access group'
Reply
  • 0 in reply to AnuragSingh
    The situation has been resolved, with a work around on the Active Directory.

    1) Follow the advice given in the Group membership behaviour with Active Directory, paying particular attention to the group order in SF.
    2) Adjust the grouping in the AD so that the group is matching to SF and the are no security issues.

    The SFOS not only adjusts the group from the AD but knows what other groups the user is in. If any of those groups match any 'deny website access' group in SF the deny will override the 'allow access group'
Children
No Data
Unfiltered HTML