AD synchronisation user multiple user group memberships

Not Really. 

It is kinda complicated. 

XG has a "Primary Group". This group is displayed in XG as Primary Group and is used by the GUI etc. 

But XG "knows" all groups, which are created in XG itself (imported).

So basically if you have a User (called Bob) in two groups (Admin & User). 

First Match will match the Primary Group in the Group tab. 1. Admin 2. User.

Bob will be shown as a Admin in XG.

If you create a Firewall policy (first match) with User Group in it, it will match to Bob aswell. 

Unfortunately, there is a bug in XG right now in Policy Tester. Policy Tester will only show matching Group (Primary Group) while XG will use the "real" group. 

You can easily test this with the example above. 

But do not forget, this will get "REALLY" messy afterwards, if you setup a complex ruleset with multiple groups.

Even Nested Groups work, if you create them. 

Unfortunately this does not seem to be working properly with the Hotspot Administration.

I have an XG310 with SFOS 18.0.0 GA-Build354.

I have enabled WiFi Hotspot for voucher creation.

In the active directory I have created a separate group with users that are allowed to create vouchers.

These users are also part of a different group defining SSL VPN permissions.

When I log onto the user portal with one of the users in question I do not see the "Hotspot" area in the portal, only the one for " SSL VPN".

Unfortunately this does not seem to be working properly with the Hotspot Administration.

I have an XG310 with SFOS 18.0.0 GA-Build354.

I have enabled WiFi Hotspot for voucher creation.

In the active directory I have created a separate group with users that are allowed to create vouchers.

These users are also part of a different group defining SSL VPN permissions.

When I log onto the user portal with one of the users in question I do not see the "Hotspot" area in the portal, only the one for " SSL VPN".