
AD integrated per-user SSL VPN client access control

On XG210_WP03_SFOS 17.1.1 MR-1 with users that will be on the Sophos VPN client software. Some will connect to the VPN from domain laptops and others on personal non-domain devices. All will authenticate using their AD accounts.

Would a combination of Sophos Clientless SSO / Sophos Transparent Authentication Suite (STAS) to populate users in the XG + per-user firewall rules be the right approach to accomplish per-user access control between the VPN network and internal network? Interested in having users within an AD VPN group already populated in the XG without having to ask them to sign into a portal first before the firewall rule can be built out for them. When there is a conflict in the overlap between firewall rules vs. VPN policy IP/subnet access control, what's the logic in how they are combined?

The other approach I was considering is creating per-user AD groups combined with per-user SSL VPN policies in the XG, which shouldn't require the XG to be immediately aware of the usernames, only their group. Looking at 200-400 AD groups and XG VPN policies or 200-400 firewall rules either way. Thanks


