I am configuring SSL VPN for my network. Only a subset of our users should have access to the VPN, and I would like to manage this through Active Directory groups.
I am using Active Directory authentication for the SSL VPN; I tried RADIUS, but I am using Windows NPS, and it fails unless I configure NPS to allow authentication using unencrypted PAP. Unfortunately, I need to authenticate non-VPN users through Active Directory as well, so I am not able to configure the authentication servers to use more restrictive search queries.
I found a thread for Sophos UTM that sounds like exactly what I want: "Backend Groups."
Using Active Directory to Authenticate Selected VPN Users
https://community.sophos.com/products/unified-threat-management/f/vpn-site-to-site-and-remote-access/75448/using-active-directory-to-authenticate-selected-vpn-users
How can I achieve this in Sophos XG? If not exactly this, are there any reasonable workarounds? I tried adding another Active Directory server entry that points to the same Active Directory server but uses a more restrictive search query, but Sophos XG rejected it due to it having the same IP address.