This article discusses how to integrate Active Directory with the Sophos XG firewall.
First, log in to the Sophos XG firewall GUI, click Authentication, and then click the Servers tab, as shown in the image below.
Now click Add and fill in the required details. Sample details are listed in the image below.
Server type: Select Active Directory. You can also select RADIUS server, TACACS server or eDirectory based on your requirement. This article focuses on configuring Active Directory.
Server Name: Enter any name.
Server IP/domain: Enter the Active Directory IP address. The server must have a connection to the XG firewall.
Connection Security: You can choose a secure or non-secure connection. If you use SSL/TLS communication, the SSL appliance CA must be installed in Active Directory.
Port: If the connection security is plaintext, use port 389. If you use a secure connection, use port 636.
NETBIOS Name: You can find the NetBIOS name in Active Directory.
ADS username: Enter the Active Directory administrator user name.
Password: Enter the administrator user's password.
Validate certificate: If you enable this option, the CA of the AD server must be installed on the Sophos XG.
Display name attribute (optional): Enter the display name of the user.
Email address attribute (optional): Enter the email name.
Domain name: Enter the Active Directory domain name.
Search queries: Click Add and enter the search queries. For example, if your domain is "sophos.com", enter "dc=sophos,dc=com" in the search queries.
Then click Test connection; it should succeed.
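The following sketch checks the form values for consistency before you click Test connection: it derives the search query from the domain name and compares the port with the chosen connection security. It is an added example, not code from this article or from Sophos; the dictionary keys are hypothetical labels for the form fields and the sample values are constructed.

```python
# Added example: consistency check for the AD server form described above.
# Dict keys are hypothetical labels for the form fields, not a Sophos API.
PORTS = {"plaintext": 389, "ssl/tls": 636}  # port per connection security

def base_dn(domain: str) -> str:
    """Turn 'sophos.com' into the search query 'dc=sophos,dc=com'."""
    labels = [p for p in domain.strip().lower().split(".") if p]
    if not labels:
        raise ValueError("domain name is empty")
    return ",".join(f"dc={p}" for p in labels)

def check_settings(cfg: dict) -> list:
    """Return a list of problems; an empty list means the form is consistent."""
    problems = []
    security = cfg.get("connection_security", "").lower()
    if security not in PORTS:
        problems.append(f"unknown connection security {security!r}")
    elif cfg.get("port") != PORTS[security]:
        problems.append(f"{security} expects port {PORTS[security]}, got {cfg.get('port')}")
    if security == "plaintext":
        problems.append("plaintext LDAP does not encrypt the bind credentials")
        if cfg.get("validate_certificate"):
            problems.append("validate certificate is enabled without SSL/TLS")
    try:
        expected = base_dn(cfg.get("domain_name", ""))
    except ValueError as exc:
        return problems + [str(exc)]
    queries = [q.replace(" ", "").lower() for q in cfg.get("search_queries", [])]
    if not queries:
        problems.append("no search query configured")
    for q in queries:
        # A query may be the domain root or a container below it.
        if q != expected and not q.endswith("," + expected):
            problems.append(f"search query {q!r} is outside {expected!r}")
    return problems

# Constructed sample values, following the article's sophos.com example.
SAMPLE = {
    "connection_security": "plaintext",
    "port": 636,
    "validate_certificate": True,
    "domain_name": "sophos.com",
    "search_queries": ["dc=sophos,dc=com", "ou=staff,dc=example,dc=com"],
}

if __name__ == "__main__":
    for problem in check_settings(SAMPLE):
        print("WARN:", problem)
```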
You have now integrated Active Directory with the Sophos XG. Next, set up the respective authentication methods to use Active Directory by setting Active Directory as the authentication server.
Go to the Services tab under Authentication, as shown in the image below.
For example, to configure Active Directory as the primary authentication for the user portal, set it up as shown in the image below.
In a similar way, you can configure Active Directory as the primary authentication for all services on the Sophos XG firewall, based on your requirement.
Hope this article helps you.