
Authenticating AD Users and Match known Users

Hello,

We want Active directory users to get access to the internet through XG 230 Firewall running the latest Firmware.

Current Setup:

  • Using STAS on Windows Server
  • All users were migrated from AD to Sophos
  • Firewall rule created (attached to this thread)
  • In the rule I had to add the IP address of the computer in Source Networks and Devices so that this IP gets an internet connection.
  • The connection works fine on the laptop with this IP for any user. Now I add the migrated username XXX@mydomain.local under Match Known Users and select it; shouldn't only the user xxx receive an internet connection on this IP? But this is not happening, as the connection stops completely on the laptop when the user is selected under Match Known Users.
  • What is the best practice in order to authenticate AD users and give them access to the internet, please?
  • Should I add the IP in the firewall rule or not? Because if I remove it, the user doesn't get an internet connection although listed under Match Known Users.
  • Another question, please: when creating a new firewall rule, followed by a NAT rule, I'm unable to see the new rule under Routing\SD-WAN Policy. In this case, how can I set the gateway this rule will follow? (We have two gateways in our setup.)

Thank you in advance for your assistance.



  • SFOS is quite simple in these terms.

    In a Firewall Rule, if you select "match known users", XG will simply replace the Source IP with the username. The information has to be in Current Activities - Live Users. That's the information used by XG.

    If you create a rule with Source LAN and match known users, XG will apply this rule whenever the username has an IP. Check the live users first.

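The reply above describes the evaluation order that explains the symptom in the question: with "match known users" set, the rule is decided on the username that the Live Users table (fed by STAS) maps the source IP to, so an IP with no Live Users entry never matches that rule and falls through to the default drop. The following toy model is an added example, not Sophos code; its rule fields, Live Users table layout and default-drop outcome are assumptions used to illustrate that behaviour, and the IPs and usernames are constructed.

```python
"""Toy model of a Sophos SFOS rule evaluated with "match known users".

Added example, not Sophos code. It assumes the behaviour described in the
reply above: when "match known users" is set, the firewall resolves the
packet's source IP through the Live Users table (populated by STAS) and
matches on the resulting username instead of the raw IP. Rule fields,
the table layout and the default-drop outcome are assumptions of this model.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Rule:
    name: str
    source_networks: set[str]                  # raw source IPs (empty = any)
    match_known_users: bool = False
    users: set[str] = field(default_factory=set)  # empty = any known user


def resolve_user(live_users: dict[str, str], src_ip: str) -> Optional[str]:
    """Look the source IP up in the Live Users table (IP -> username)."""
    return live_users.get(src_ip)


def rule_matches(rule: Rule, src_ip: str, live_users: dict[str, str]) -> bool:
    # The source network check applies regardless of user matching.
    if rule.source_networks and src_ip not in rule.source_networks:
        return False
    if not rule.match_known_users:
        return True
    # With "match known users" the IP must first be known to Live Users.
    user = resolve_user(live_users, src_ip)
    if user is None:
        return False  # unknown IP: this rule does not apply at all
    return not rule.users or user in rule.users


def evaluate(rules: list[Rule], src_ip: str, live_users: dict[str, str]) -> str:
    """Return the name of the first matching rule, or 'default-drop'."""
    for rule in rules:
        if rule_matches(rule, src_ip, live_users):
            return rule.name
    return "default-drop"


# Constructed data resembling the setup in the question (hypothetical values).
LAPTOP_IP = "192.0.2.10"
ALLOW_IP = Rule("allow-laptop-ip", {LAPTOP_IP})
ALLOW_USER = Rule("allow-xxx", {LAPTOP_IP}, match_known_users=True,
                  users={"xxx@mydomain.local"})


def explain(live_users: dict[str, str]) -> dict[str, str]:
    """Evaluate the laptop against both rule variants for one Live Users table."""
    return {
        "ip-only rule": evaluate([ALLOW_IP], LAPTOP_IP, live_users),
        "match-known-users rule": evaluate([ALLOW_USER], LAPTOP_IP, live_users),
    }


if __name__ == "__main__":
    # Case 1: STAS has not reported a logon for this IP (Live Users is empty).
    print(explain({}))
    # Case 2: Live Users maps the laptop IP to the expected user.
    print(explain({LAPTOP_IP: "xxx@mydomain.local"}))
    # Case 3: a different user is logged on at that IP.
    print(explain({LAPTOP_IP: "other@mydomain.local"}))
```

Case 1 reproduces the question: the IP-only rule passes traffic, while the same rule with a user selected drops it because nothing in Live Users ties the laptop's IP to a username. That is why the reply says to check Live Users (and therefore STAS) before changing the rule.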
  • Sadly it is not working for me.

    I have the IP address of the computer under Source Networks and Devices. If the username is not added under Users or Groups, then a connection to the internet is established on the computer for any user. If the username is added under Match Known Users, then the computer doesn't receive an internet connection anymore. Any ideas?
