VPN and SSO authentication

Hello

I'm connecting a remote branch office to the main office via a VPN (PPTP) connection. In the main office there is an XG Firewall, in the branch office a MikroTik router. I need to authenticate my remote users by using a Domain Controller located in the main office. Currently, in the main office the Active Directory and SSO integration works correctly. I can authenticate the users in the remote office with the AD, but in the XG Firewall, the traffic of the remote users appears with the VPN user, not the AD user. How can I mark the traffic of the remote users with the AD user, not with the VPN user?

Thanks



This thread was automatically locked due to age.
  • Thanks for your answers.

    The problem was that for the UTM, the traffic originating in the branch office was seen with the public IP address of the MikroTik router, because for the UTM the PPTP connections are "Remote Connections". The solution was to establish an IPsec site-to-site VPN between the UTM and the MikroTik router. Now I can authenticate the branch users with the Domain Controllers of the main office, route all the branch office traffic through the main office UTM, and apply user-based firewall rules.

    However, I have a problem with server publication at the branch office. It is strange because I can ping the remote server from the UTM, but the server publication through the UTM public IP address doesn't work. Maybe an IPsec routing problem?

    Regards

  • Hi Juan,

    Could you post a diagram (you may change the addresses) and let us know if the issue is with the authentication or Internet traffic?
