
Sophos Firewall | Active Directory Users Not syncing to the groups correctly

  • Issue
  1. A customer is faced with a strange problem in the Sophos XGS firewall (v19). After rebooting the firewall or the Active Directory server, certain users are no longer in their group. We added all the subnets to STAS and logged in to the user portal (the technical support engineer advised us to connect to the user portal for user registration; I'm not sure whether this is correct or not). We did everything they told us to do, but the problem remained.
  2. There was another issue: the customer created some different groups in the AD for the firewall. When he adds the users to the said groups, the users aren't allocated to the particular group; instead, the user portal shows different AD groups.

In my situation, all the Active Directory user groups are the same in the firewall. I found an article that says if you create a firewall user group and add AD users to it, that group's users will not stay after a reboot.

Those are the issues we had for almost a month. Finally, we managed to solve them with the help of the Sophos support team.

For the first issue:

You can't create custom groups in the firewall and add AD users to them. If you want different groups, you have to create those groups in the Active Directory server and sync them to the firewall.

And if you have multiple subnets, you have to add those subnets to STAS: https://www.avanet.com/en/kb/how-to-configure-stas-on-sophos-firewall/. You can find all the steps in the linked article.

And if you want to add custom search queries for OUs, you can add them in the form "ou=<OU Name>, dc=<test>, dc=<com>".

For the second issue:

Refer to the above image for the issue. The customer wants to add the Email block group, but the user portal shows a different group. Sophos Firewall always leaves out the primary group and registers users to the second group in the Member Of section. But in this case, it didn't work.

The solution is to go to the firewall, go to Host and services, and select Groups. You can find an option called "REORDER" in the top left corner; click that and you can find all the groups there. You can change the group order in that section.

In my case, the IT Users group was above the Email block group, and I simply dragged the IT Users group below the Email block group. After that, the problem was solved.

Those are all the findings on the issue and the steps that resolved it. I'm writing this because after I got this issue I couldn't find any thread about this kind of problem. Hope this will help somebody, and correct me if anything above is wrong.
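The two mechanics the post leans on (the "ou=<OU Name>, dc=<test>, dc=<com>" search base and the REORDER fix) can be checked offline. The script below is an added example written for this page, not code from the post or from Sophos. It builds the OU search base DN with RFC 4514 escaping, and it models the group-assignment rule the reorder fix relies on under one assumption, inferred from the post rather than taken from Sophos documentation: a user lands in the first group, in the firewall's group order, that also appears in the user's AD memberOf attribute. The AD primary group (normally Domain Users) is not listed in memberOf, which is why the firewall never picks it. All DNs, group names and the sample user are constructed.

```python
"""
Added example, not part of the original post. Helpers for two points in the post:
  - search_base_dn(): the custom OU search base, "ou=<OU Name>,dc=<test>,dc=<com>"
    form, with RDN values escaped per RFC 4514.
  - assign_group(): the ASSUMED group-order rule behind the REORDER fix: the first
    group in firewall order that is among the user's memberOf groups wins.
Sample DNs, group names and the user record below are constructed.
"""
import re
from typing import Iterable, List, Optional

_RFC4514_SPECIALS = ',+"\\<>;'


def escape_rdn_value(value: str) -> str:
    """Escape an RDN attribute value per RFC 4514 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs_escape = (
            ch in _RFC4514_SPECIALS
            or (i == 0 and ch in " #")      # leading space or '#'
            or (i == last and ch == " ")    # trailing space
        )
        out.append("\\" + ch if needs_escape else ch)
    return "".join(out)


def search_base_dn(ou_path: List[str], domain: str) -> str:
    """Build a search base DN.

    ou_path: OU names from innermost to outermost, e.g. ["Firewall Users", "Corp"].
    domain:  AD DNS name, e.g. "test.com" becomes dc=test,dc=com.
    """
    rdns = [f"ou={escape_rdn_value(ou)}" for ou in ou_path]
    rdns += [f"dc={escape_rdn_value(label)}" for label in domain.split(".")]
    return ",".join(rdns)


def split_dn(dn: str) -> List[str]:
    """Split a DN into RDN strings on unescaped commas (spaces after commas allowed)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).lstrip())
    return parts


def group_name(group_dn: str) -> str:
    """Return the unescaped value of the first RDN (the group's CN)."""
    _, _, raw = split_dn(group_dn)[0].partition("=")
    return re.sub(r"\\(.)", r"\1", raw)


def assign_group(firewall_group_order: List[str], member_of: Iterable[str]) -> Optional[str]:
    """Group the firewall would assign under the assumed rule (see module docstring).

    Returns None when no firewall group matches, e.g. a user whose only group is
    the AD primary group, which AD does not list in memberOf.
    """
    ad_groups = {group_name(dn).casefold() for dn in member_of}
    for group in firewall_group_order:
        if group.casefold() in ad_groups:
            return group
    return None


def move_below(order: List[str], group: str, target: str) -> List[str]:
    """New order with `group` placed directly below `target` (what dragging in REORDER does)."""
    new = [g for g in order if g != group]
    new.insert(new.index(target) + 1, group)
    return new


# Constructed sample user: member of both groups; the primary group is absent from memberOf.
USER_MEMBER_OF = [
    "CN=IT Users,OU=Firewall Users,DC=test,DC=com",
    "CN=Email block,OU=Firewall Users,DC=test,DC=com",
]
FIREWALL_ORDER_BEFORE = ["IT Users", "Email block"]
FIREWALL_ORDER_AFTER = move_below(FIREWALL_ORDER_BEFORE, "IT Users", "Email block")

if __name__ == "__main__":
    print("search base:", search_base_dn(["Firewall Users"], "test.com"))
    print("before reorder:", assign_group(FIREWALL_ORDER_BEFORE, USER_MEMBER_OF))
    print("after reorder: ", assign_group(FIREWALL_ORDER_AFTER, USER_MEMBER_OF))
    print("primary group only:", assign_group(FIREWALL_ORDER_AFTER, []))
```

Running it shows the same outcome the post describes: with IT Users above Email block the user is assigned to IT Users, and after moving IT Users below Email block the user is assigned to Email block. The `None` result for an empty memberOf list is the primary-group case: that group is never a candidate, so a user who needs a firewall policy must be in a second AD group.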


