Good Afternoon,
We have a Sophos Web Appliance v3.7.9 Load Balanced cluster. I believe that the appliances are deployed in Explicit mode and we are authenticating all requests. We have two separate forests containing users. We have a full forest trust between the two forests.
From our testing:
The Sophos Web Appliance will only syncronise with one active directory forest.
The Sophos Web Appliance will only authenticate a security group that directly contains users.
The Sophos Web Appliance will not authenticate a user or group from another domain.
The Sophos Web appliance will not authenticate the users of a nested Security Group structure.
We need to be able to authenticate the users from both forests using one of two methods.
1. Allow the Sophos Web Appliance to syncronise with multiple Active Directory Domains.
2. Allow the Sophos Web Appliance authenticate the users of a nested group structure (users from forest B in security group B nested into security group A in forest A)
Can anyone help us in understanding if this is in fact a limitation of the product? Or if we should deploy our Sophos Web Appliance product in a different configuration to address the issues that we have encountered above?
This thread was automatically locked due to age.