XG Best Practice, Firewall, IPS, VPN etc.

Hi All,

 

We have a new XG + Sophos Central/Intercept X.

I have the firewall set up with a copy of LAN-WAN IPS with all but Windows clients/servers removed, SSL decrypt+scan, and a yellow-or-above heartbeat policy set up.
Is this how we should go, or does anyone else have any other strict but lenient configurations? Also, with the AD auth we plan on using SSL VPN to allow remote users access via RDP. Will this let them log into the VPN using their AD account, or do we still need to make a VPN user account? I'm trying to decide if it's worth doing the AD sync and what benefits we would achieve from it.

 

As an IT consultant switching from Trend to Sophos, we want to have as seamless an approach as possible, and all of this is new to me and our team.

 

Thanks,
Anthony.



This thread was automatically locked due to age.
  • Anthony,

    IPS should match what you are trying to protect. You removed Windows machines, but you have RDP enabled for VPN, so you still have Windows machines.

    For the VPN, AD is right. You can force password changes and lock users using GPO.

    I advise you to set Avira as the first AV engine because you have Sophos on the endpoint.

    Regards
