Got an email for the new release but the link is broken.
Hi XG Community! We've released a new build of XG Firewall v18 MR-3. Enhancements in v18 MR-3 Security enhancements: Several security and hardening enhancements - including SSMK (secure storage master key) for the encryption of sensitive data.... more
I agree with the update time, although I do not have the update tot he AP Firmware yet, very odd, my system is a Partake I7 with VMWare VSphere 6.7 installed, and then the Guest instances have VMXNet3 NICs and it is configured in HA (A/P).
... scrub that after logging out and logging in the new AP firmware has appeared, yay
XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW) Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!
Prism, latest news I can give you on that issue is that is is currently in backlog for v19. I will talk to the engineering team responsible to see if it can be pulled in, but there is a lot in the backlog and I can't commit at this stage.
Also another thing, since on v18 MR2 Snort has been pushed to the latest version (2.9.16) is there any chances we will see Snort 3 on v18.5/v19 ? I'm asking this since Snort 3 already got out of beta, and will be soon GA by the end of the year.
If a post solves your question use the 'Verify Answer' button.
SNORT 3 has been in Beta for so long that we had to decide to go for the latest shipping and supported version. I know it may seem like it should be the case, but it's not a matter of dropping in a binary or a library. SNORT is a very tightly integrated and customised component of SFOS, V3 is on our radar but not in the near future.
Choose an AD group that will constantly synced with the XG. I can import groups and the including members, but if I remove a user from the group at AD, the access at the XG is not removed. At least this is my last experience a few MR's ago.
Choose an AD group that will constantly synced with the XG. I can import groups and the including members, but if I remove a user from the group at AD, the access at the XG is not removed. At least this is my last experience a few MR's ago.
Removing a user from an ad group does - in my opinion - not block him from authenticating against the firewall. From my understanding he will be then assigned to the default group "Open Group". Please check this.
XG will not delete the user in this phase. It will simply authenticate this user in the next authentication phase. So if the user is removed from a group or inactive in AD, XG will try to talk to the AD. AD will tell XG the current status.
If the user is placed on XG, does not matter, as XG will not grant access without the matching group and the correct password.
But from what I understand, removing a user from an ad group should only put him back to the default group. Therefor the user will be able to access the user portal, even when not having any permission assign inside the default group, am I correct?
This is something I would love to see, like in Sophos SG, so being able to specify group membership for such firewall services and don't sync users, that could not authenticate against the firewall based on the permission scope, if you understand what I mean ;)
