

Active Directory Integration (Loose Or Tight)

Dear All, 

I am new to Sophos XG firewall. We have been using Sophos web appliance for a while, and we managed all our AD users in custom groups we made in Web appliance and assigned different policies to different groups. There are only 2 OUs in AD, which categorize almost 600 users in our environment.

We have also tried Cyberoam UTM (now acquired by Sophos), which has two options for authenticating with AD, "loose integration" and "tight integration". For the purpose of managing users in custom groups regardless of AD categorization, we must choose "loose integration".

I can't seem to find the "loose integration" option in XG firewall, which means that I have to reorganize my web appliance user groups in AD.

What I wonder about is this: if there is no loose integration option available in XG firewall, then what is the purpose of custom user groups?

Regards,

Faheem



  • Faheem,


    Use the following article to integrate XG with AD.

    https://www.sophos.com/en-us/support/knowledgebase/123156.aspx

    At the moment this is the only method which allows the XG to talk with Active Directory architectures.

  • Hi lferrara,

    Thanks for the reply. I have read the article and I am willing to give it a try. But will I be able to manage AD users in custom groups after that?

    Regards,

  • Faheem,

    I do not know if I have understood your question but once the AD group has been imported into XG, you can add AD users in another local group on XG and create all the rules you want (directly on the AD group or XG local group).

  • Hi Faheem, just to confirm part of your original question.

    As you have figured out, the XG firewall has only implemented the equivalent of Tight Integration from the Cyberoam platform; the platform still supports custom groups for environments where you might not be using Active Directory Integration.


    I would suggest that instead of managing the custom groups on the appliance you do this in Active Directory. Of note, the group matching is name based, so if both OUs had a group with exactly the same name, the members would be accumulated into a single permission group on the XG.

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP
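
Added example, not part of the thread and not Sophos code: a pre-import check for the name-based matching described in the reply above. It takes an export of group DNs and members, flags groups whose CN is the same in more than one OU, and lists the combined membership that would land in one permission group. The sample data, the `example.test` domain, the function names and the case-insensitive comparison are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: group DN -> member logon names, as an AD export might list them.
SAMPLE_GROUPS = {
    "CN=WebAdmins,OU=Head Office,DC=example,DC=test": ["alice", "bob"],
    "CN=webadmins,OU=Branch,DC=example,DC=test": ["carol"],
    "CN=Staff\\, Temp,OU=Branch,DC=example,DC=test": ["dave"],
    "CN=Staff,OU=Head Office,DC=example,DC=test": ["erin", "alice"],
}

def split_dn(dn):
    """Split a DN into RDNs, treating backslash-escaped characters as literals."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur).strip())
            cur, i = [], i + 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur).strip())
    return parts

def group_name(dn):
    """Return the unescaped CN of a group DN (hex escapes such as \\2C are not decoded)."""
    attr, _, value = split_dn(dn)[0].partition("=")
    if attr.strip().upper() != "CN":
        raise ValueError(f"not a CN-named object: {dn}")
    return re.sub(r"\\(.)", r"\1", value.strip())

def find_name_collisions(groups):
    """Map each colliding group name to its DNs and the merged member set."""
    by_name = defaultdict(list)
    for dn, members in groups.items():
        # Assumption: fold case so near-identical names are flagged as well.
        by_name[group_name(dn).casefold()].append((dn, members))
    report = {}
    for name, entries in by_name.items():
        if len(entries) > 1:
            merged = sorted({m.casefold() for _, ms in entries for m in ms})
            report[name] = {"dns": sorted(dn for dn, _ in entries),
                            "effective_members": merged}
    return report

if __name__ == "__main__":
    for name, info in find_name_collisions(SAMPLE_GROUPS).items():
        print(name, info["dns"], info["effective_members"])
```

Any name this reports is worth renaming in AD before policies are attached to it, since a rule written for one OU's group would otherwise cover the other OU's members too.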

  • Hello Faheem,


    Currently XG supports only tight integration.


    You can add a feature request at http://feature.astaro.com/forums/330219-sophos-xg-firewall to get loose integration support in XG.

    Regards,

    Vivek