XG V18 MR3

Got an email for the new release but the link is broken.

Hi XG Community! We've released a new build of XG Firewall v18 MR-3. Enhancements in v18 MR-3 Security enhancements: Several security and hardening enhancements - including SSMK (secure storage master key) for the encryption of sensitive data.... more

Page not found ...

PMStuart Any plans for an improved AD sync feature? 

SNORT 3 has been in Beta for so long that we had to decide to go for the latest shipping and supported version. I know it may seem like it should be the case, but it's not a matter of dropping in a binary or a library. SNORT is a very tightly integrated and customised component of SFOS, V3 is on our radar but not in the near future.

In what respect Jonnie?

Thanks; This has the answer I expected, way too much stuff changed from Snort 2.x to 3.

Choose an AD group that will constantly synced with the XG. I can import groups and the including members, but if I remove a user from the group at AD, the access at the XG is not removed. At least this is my last experience a few MR's ago. 

Did you try to reauthenticate with the users whos group membership has changed. From my experience, sync actions are only done upon authentication.

Sure I did this. The User was able to login, though he was not longer in the ad group.

Removing a user from an ad group does - in my opinion - not block him from authenticating against the firewall. From my understanding he will be then assigned to the default group "Open Group". Please check this.

Seems to be a general problem to delete something (for example IP Object)

XG will not delete the user in this phase. It will simply authenticate this user in the next authentication phase. So if the user is removed from a group or inactive in AD, XG will try to talk to the AD. AD will tell XG the current status. 

If the user is placed on XG, does not matter, as XG will not grant access without the matching group and the correct password. 

XG will not delete the user in this phase. It will simply authenticate this user in the next authentication phase. So if the user is removed from a group or inactive in AD, XG will try to talk to the AD. AD will tell XG the current status. 

If the user is placed on XG, does not matter, as XG will not grant access without the matching group and the correct password. 

But from what I understand, removing a user from an ad group should only put him back to the default group. Therefor the user will be able to access the user portal, even when not having any permission assign inside the default group, am I correct?

This is something I would love to see, like in Sophos SG, so being able to specify group membership for such firewall services and don't sync users, that could not authenticate against the firewall based on the permission scope, if you understand what I mean ;)