Register Now

Login

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Sophos XG: Active directory group membership working process

Here in this article we will learn group membership working methodology when user authenticate with the firewall.

Before going through this article, please look into this article and understand how to imports the groups from active directory

https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/learningContent/AuthenticationConfigureActiveDirectory.html

Issue: Once the user authenticates with user portal, user is falling under open group instead of his own group under active directory.

Resolution:

First verify users settings in active directory

From Active Directory, go to Start > Administrative Tools > Active Directory Users and Computers > Users. Right-click the required user, select Properties and go to the Member Of tab.

Active directory Groups
User Settings

Here in these settings we will be able to understand users primary group and all the other groups.

By default active directory will not send user information of primary group (in the above screenshot it is domain users) to the sophos XG firewall. Once successfully authenticated, the user is imported in Sophos Firewall and mapped to the first group in the list, which is Group A.

Go to Authentication > Users and verify the group of the user.

XG firewall user group
Group A user

In case if sophos XG firewall admin did not import the Group A to the firewall, then the user will fall under open group because the group A is not present on the firewall.

Hope this article helps you.