Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 1466 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

When I do an AD connection to get the group membership and users to be used in Policies, Webfilter etc. ...

BeEf

.... I am not sure how this is handled in the current Version 17.5:

- Can you only Import the Groups/Members? If yes how can this be updated?

- Are dynamic groups also working?

- I have read that group nesting does not work. Is this true?

 

Are there other liminitations on the import of users/groups?

Do the same limitations hold for administrative groups/users?


If yes is Sophos working to release these limitations? Our goal is to administrate as much in AD as possible.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to LuCar Toni

    Thanks.

     

    This is a kind of weird implementation as the group membership seems to be not very deterministic especially when new groups are introduced or the primary group membership is changed ... Probably it is a good Idea to make sure that the user is only member of one "Sophos Group" (that has no other functions on the AD side) and never use these groups as primary groups.

     

    So referring to 

    • When importing groups in Sophos Firewall, users belong to these groups are not imported instantly, but each user will be imported during its first authentication against Sophos Firewall.

     

    the group membership is dynamic whereas groups need to be imported manually.

  • +1 in reply to BeEf

    Authentication can be done by many facilities like STAS, Sync-sec User ID, NTLM, User Portal etc. 

    Each time, XG will refresh all information about this user and change the group, if needed.