Sophos XG Import AD Users
You can add existing Active Directory users to Sophos Firewall. Add an Active Directory server, import groups, and set the primary authentication method.
Introduction
Sophos XG Firewall: How to configure Active Directory Server as authentication server for L2TP/PPTP users (KB-000035735, 03 30, 2020).
In Active Directory, the default primary group for a user is Domain Users. AD primary groups are not synced with XG Firewall because AD does not send the primary group. If the user's primary group is changed to another group, this leads to different membership behavior in Sophos Firewall.
Do as follows:
- Add and configure an Active Directory server on the firewall.
- Import AD groups using the Import group wizard.
- Set the primary authentication method so that the firewall queries the Active Directory server first.
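Before importing groups, it helps to know which users are affected by the primary-group behavior described in the introduction. The following is an added example, not Sophos code: it audits user records exported from AD and flags accounts whose primary group is not Domain Users. The sample SIDs, DNs, users and the `IMPORTED` set are constructed, and the example assumes the membership the firewall receives corresponds to `memberOf`, which omits the primary group.

```python
DOMAIN_USERS_RID = 513  # well-known RID of Domain Users, AD's default primary group

DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
BASE = "OU=Groups,DC=example,DC=test"               # constructed naming context

# Constructed group table: group SID -> distinguishedName.
GROUPS = {
    f"{DOM}-513": "CN=Domain Users,CN=Users,DC=example,DC=test",
    f"{DOM}-1105": f"CN=VPN-Users,{BASE}",
    f"{DOM}-1106": f"CN=Finance,{BASE}",
}

# Constructed user records with the attributes an LDAP query would return.
USERS = [
    {"sAMAccountName": "alice", "objectSid": f"{DOM}-2001", "primaryGroupID": 513,
     "memberOf": [GROUPS[f"{DOM}-1105"]]},
    {"sAMAccountName": "bob", "objectSid": f"{DOM}-2002", "primaryGroupID": 1105,
     "memberOf": [GROUPS[f"{DOM}-513"]]},
    {"sAMAccountName": "carol", "objectSid": f"{DOM}-2003", "primaryGroupID": 1106,
     "memberOf": [GROUPS[f"{DOM}-513"], GROUPS[f"{DOM}-1105"]]},
]

# Hypothetical: DNs of the groups imported on the firewall.
IMPORTED = {GROUPS[f"{DOM}-1105"]}

def primary_group_sid(user):
    """Primary group SID = the user's domain SID with primaryGroupID as the final RID."""
    domain_sid, _, _rid = user["objectSid"].rpartition("-")
    return f"{domain_sid}-{user['primaryGroupID']}"

def audit(users, groups, imported):
    """Return (user, primary group DN, hidden_imported) for non-default primary groups."""
    findings = []
    for u in users:
        if u["primaryGroupID"] == DOMAIN_USERS_RID:
            continue  # default primary group, nothing unusual
        dn = groups.get(primary_group_sid(u), "<unresolved>")
        # memberOf omits the primary group, so a memberOf-based view never lists it.
        hidden = dn in imported and dn not in u["memberOf"]
        findings.append((u["sAMAccountName"], dn, hidden))
    return findings

if __name__ == "__main__":
    for name, dn, hidden in audit(USERS, GROUPS, IMPORTED):
        note = "  <- imported group not visible in memberOf" if hidden else ""
        print(f"{name}: primary group {dn}{note}")
```

In the sample data, `bob` is the account to review: his only link to the imported group is through his primary group, so that membership does not appear in `memberOf`.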
Overview
This overview explains how Sophos Firewall uses Active Directory to authenticate users and manage access control.
When an Active Directory user signs in to Sophos Firewall for the first time, they are automatically added to the default group. If the user's Active Directory group exists in Sophos Firewall, they are added to that group.
When a user signs in to Sophos Firewall, it authenticates the user by verifying them against the list of users created during the integration with Active Directory. When the user is authenticated, Sophos Firewall communicates with Active Directory to get additional authorization data for access control.
If your Active Directory server is down, the authentication request returns a Wrong username/password message.
Sophos XG Active Directory Authentication
When you've configured multiple Active Directory servers, Sophos Firewall performs validation against your Active Directory servers in the order configured in the web admin console.