Sophos Firewall: Create multiple AD Server entities in SFOS for multi domains

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Table of Contents

Overview

This recommended read describes a workaround that lets a single AD server serve multiple domains by creating several AD server entities in SFOS for the same server.

Limitations

SFOS uses the Domain field of the AD server entry (CONFIGURE > Authentication > Servers) to authenticate users in several modules. This field is mandatory and accepts only a single domain.

In some setups, one AD server serves multiple domains at the same time, for example Domain.com and example.com.
If we try to add the same server a second time in SFOS with a different domain, the configuration is blocked because the IP address is a unique object.

See the reference screenshot below:

Workaround

We can work around this behavior in SFOS and create the additional server entries with a small adjustment.

SFOS allows its own DNS host entries. Go to CONFIGURE > Network > DNS > DNS Host Entry, then click Add.

Create one DNS host entry per domain, each with a distinct hostname that resolves to the same AD server IP address.
Then add one AD server entry per hostname, each with its own domain. Because the address field now holds a different hostname for each entry, SFOS accepts them, and the single AD server can serve multiple domains simultaneously.
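The following script is an added example, not Sophos code and not part of the original post. It models the constraint described above (SFOS rejects two AD server entries that share the same address) and builds the list of DNS host entries and AD server entries needed for a set of domains, so the plan can be reviewed before anything is entered in the firewall. The AD server IP, the domain names, the `ad.` hostname prefix and the entry names are constructed examples; the resolution check uses the resolver of the machine running the script, which is only meaningful once the same names are resolvable from there (the firewall resolves its own host entries internally).

```python
"""Plan and sanity-check the SFOS multi-domain AD workaround.

SFOS treats the AD server address as a unique object, so two entries with
the same IP are rejected. The same IP behind distinct hostnames, each
defined as a local DNS host entry, is accepted. This script models that
rule and generates the entries for one AD server serving several domains.
All names and addresses below are constructed examples.
"""
import ipaddress
import re
import socket
from dataclasses import dataclass

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


@dataclass(frozen=True)
class DnsHostEntry:
    hostname: str
    ip: str


@dataclass(frozen=True)
class AdServerEntry:
    name: str
    address: str   # hostname from a DNS host entry, or a raw IP in the naive case
    domain: str    # the single, mandatory domain of this entry


class PlanError(ValueError):
    pass


def valid_hostname(name: str) -> bool:
    return len(name) <= 253 and all(LABEL_RE.match(label) for label in name.split("."))


def conflicting_addresses(entries):
    """Addresses used by more than one AD server entry (SFOS rejects the second one)."""
    seen, dup = set(), set()
    for e in entries:
        (dup if e.address in seen else seen).add(e.address)
    return sorted(dup)


def plan_ad_entries(ad_ip: str, domains, prefix: str = "ad"):
    """Return (dns_entries, ad_entries) for one AD server that serves several domains.

    Each domain gets its own hostname (prefix + domain) pointing at ad_ip, and
    one AD server entry whose address is that hostname and whose domain is the
    domain itself. Hypothetical naming scheme; adjust prefix to local practice.
    """
    ipaddress.ip_address(ad_ip)  # raises ValueError on a malformed address
    normalized = [d.lower() for d in domains]
    if len(set(normalized)) != len(normalized):
        raise PlanError("each AD server entry needs a distinct domain")
    dns_entries, ad_entries = [], []
    for domain in normalized:
        hostname = f"{prefix}.{domain}"
        if not valid_hostname(hostname):
            raise PlanError(f"invalid hostname: {hostname}")
        dns_entries.append(DnsHostEntry(hostname, ad_ip))
        ad_entries.append(AdServerEntry(f"AD-{domain}", hostname, domain))
    # The workaround is only sound if it removes the address conflict.
    if conflicting_addresses(ad_entries):
        raise PlanError("planned hostnames still collide")
    return dns_entries, ad_entries


def check_resolution(dns_entries, resolve=socket.gethostbyname):
    """Return (hostname, resolved_ip_or_None) for entries that do not resolve to the planned IP.

    'resolve' is injectable so the check can run offline; by default it uses
    the local resolver, which must see the same host entries as the firewall.
    """
    problems = []
    for e in dns_entries:
        try:
            got = resolve(e.hostname)
        except OSError:
            got = None
        if got != e.ip:
            problems.append((e.hostname, got))
    return problems


if __name__ == "__main__":
    ad_ip, domains = "10.0.0.10", ["Domain.com", "example.com"]  # constructed
    # Naive attempt: same IP twice -> SFOS blocks the second entry.
    naive = [AdServerEntry(f"AD-{d}", ad_ip, d) for d in domains]
    print("naive conflicts:", conflicting_addresses(naive))
    # Workaround: distinct hostnames, each a DNS host entry for the same IP.
    dns, ad = plan_ad_entries(ad_ip, domains)
    for d in dns:
        print(f"DNS host entry : {d.hostname} -> {d.ip}")
    for a in ad:
        print(f"AD server entry: {a.name}: address={a.address} domain={a.domain}")
    print("workaround conflicts:", conflicting_addresses(ad))
    print("unresolved:", check_resolution(dns))
```

Run it once with the real domains to get the exact hostnames and entries to type into CONFIGURE > Network > DNS > DNS Host Entry and CONFIGURE > Authentication > Servers; the `check_resolution` step is the one to repeat after any later DNS change, since every AD server entry now depends on its hostname staying resolvable to the AD server.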




Revamped
[edited by: Erick Jan at 2:58 AM (GMT -8) on 16 Dec 2024]