Hardware, Installation, Up2Date, Licensing AD integration need to be reset when slave become master

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 1 reply
Subscribers 5 subscribers
Views 1643 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD integration need to be reset when slave become master

BENOITLORAND over 6 years ago

When UTM change master device, all our web navigation are block with error "the site is deny by administrator".

I have found two solution :

1- Redo the ad integration but the issue occur at the next switch
2- come back to the primary node

I think there is a bug where the ad integration isn't fully synchronized between master and slave node

Does someone experiencing the same ?

Do you think this https://community.sophos.com/kb/en-us/126823 is the solution to my issue. I haven't try it at now

Best regards,

Benoit

This thread was automatically locked due to age.

Parents

0 BAlfson over 6 years ago

Salut Benoit,

When having unexplained issues with SSO, it's always a good idea to unjoin (attempt to join with incorrect credentials) and then to rejoin the UTM to the domain.

Another issue can be using NTLM instead of Kerberos as NTLM is less reliable with the UTM. Configuring Proxy Settings explicitly with an FQDN causes the Proxy to use Kerberos to authenticate against AD. Using a numeric IP or selecting 'Automatically detect settings' in the GPO results in the Proxy using NTLM.

Did either of those work for you?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 6 years ago

Salut Benoit,

When having unexplained issues with SSO, it's always a good idea to unjoin (attempt to join with incorrect credentials) and then to rejoin the UTM to the domain.

Another issue can be using NTLM instead of Kerberos as NTLM is less reliable with the UTM. Configuring Proxy Settings explicitly with an FQDN causes the Proxy to use Kerberos to authenticate against AD. Using a numeric IP or selecting 'Automatically detect settings' in the GPO results in the Proxy using NTLM.

Did either of those work for you?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data