
Active Directory authentication and Firewall rules

Hello All,

I have a problem with the Firewall rules and Active Directory groups. I want to be able to allow Domain Users of a specific group to access specific services. For example, all Domain Users can access an external RDP service but not local users. Here is what I have done:


1. Joined Sophos host to the domain

2. Added a server which authenticates to the AD, all tested and working

3. Created a new group in Sophos groups to get all the Domain Users

4. Verified that the group can be seen from Sophos. I tested using a normal Domain User account

5. Created a new firewall rule to allow the above created group to access a RDP service externally

6. Create a firewall group to block all the rest from access RDP externally

7. Activated both rules

8. With this setup, the domain administrator failed to RDP externally

9. I disabled the rule number 3 and the domain administrator user was able to access the external RDP service.

That means that the rule number 2 was not correct because if it were, it would have allowed the domain administrator to access the remote RDP before it reached rule number 4.

Could you please let me know what I'm doing wrong? Unfortunately I can't find anything online that resolves my issue.

Thanks!



  • Firewall Rules only see IP addresses, because that is what is in every IP packet.  

    Web traffic has special protocol components to pass identity via NTLM, so Web Filtering is different.

    STAS can do what you want, because it ties an internal user to an IP address.

    Remote access VPN ties an external user to an IP address.

    For more details, check out the authentication posts in the WiKi.
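The point in the reply above, shown as a small added simulation (not Sophos code and not from the thread): a first-match packet filter only sees the source IP, so a rule with an AD-group condition can match only when some identity source (STAS, remote-access VPN) has already bound that IP to a user. The IPs, user and rule names below are constructed sample data.

```python
from typing import Optional
from dataclasses import dataclass

# Constructed identity source: the kind of binding STAS or a remote-access VPN
# supplies, mapping a source IP to the authenticated user and their AD groups.
IDENTITY_BINDINGS = {
    "10.0.0.25": {"user": "CORP\\jdoe", "groups": {"Domain Users"}},
}

@dataclass
class Rule:
    name: str
    action: str                  # "allow" or "block"
    dst_port: int
    group: Optional[str] = None  # AD group required for a match, or None

def evaluate(rules, src_ip, dst_port, bindings):
    """First-match evaluation over an ordered rule list, like a packet filter."""
    identity = bindings.get(src_ip)  # None when no identity source knows this IP
    for rule in rules:
        if rule.dst_port != dst_port:
            continue
        if rule.group is not None:
            # The packet itself carries no user; the group condition can only
            # match if the source IP has been bound to a member of that group.
            if identity is None or rule.group not in identity["groups"]:
                continue
        return rule.name, rule.action
    return "implicit", "block"

RULES = [
    Rule("allow-domain-users-rdp", "allow", 3389, group="Domain Users"),
    Rule("block-all-rdp", "block", 3389),
]

def unbound_external_client():
    # The poster's case: a domain admin connecting from an external IP the
    # firewall has never seen authenticate. Only the IP is visible, so the
    # group rule is skipped and the block rule is the first match.
    return evaluate(RULES, "203.0.113.7", 3389, IDENTITY_BINDINGS)

def bound_client():
    # Same rules, but the source IP carries a STAS/VPN-style user binding.
    return evaluate(RULES, "10.0.0.25", 3389, IDENTITY_BINDINGS)
```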

