Dear All,
we have been using Sophos Web Appliance since a long time and user authentication was never a problem with that device. all we had to do was to provide information about authentication server and SSO was working perfectly fine. But its time to change the device with Sophos XG now, because Sophos claims it to be the next best thing.
although we have configured our XG as provided guides and also installed STAS client for SSO but we have our concerns with the working of this device. the device is in gateway mode.
1- In XG, only those users exists in "Users" section which logged in at least once. which means that if we are installing a new hardware & we want to create rules for all users, we have to wait for user logins to complete.
2- The authentication server (AD) provided to XG is on a parent domain which is segregated between different location (having different networks), and there are child domains as well. users in "User" section shows only users on location where Authentication server situated. in Sophos web appliance, the same location had all the users of domains & sub domains.
3- AD users cannot be managed in "Local Groups", which are needed for our ease of configuration as we dont want to apply rules based on AD grouping structure. what happens is, when we put AD users in custom groups. user moves to AD group from that custom group automatically. In Sophos web appliance, it was possible. all users were segregated into groups & groups were used in policies.
since we were "used to" of Sophos Web Appliance but it had some of its own drawbacks & also the device reached EOL . we have to move to XG now and we want to avoid total restructuring. if these concerns have answers, please let us know.
Kind Regards,
Faheem Sarwar
This thread was automatically locked due to age.