AD authentication problem

Question

I 'm using xg v 17 and and I added AD server to authenticate users and I downloaded STAT and installed it on active directory, I used ping as logoff detection method to avoid the users being logged off after few minutes , I added firewall exception to allow upd port 6677 and tcp port 5566 ,added local security policy to allow audit success on domain 
 every thing was going well,but: 
 I created 3 groups in AD and added users to it,I imported these groups to XG firewall but I discovered that when I change user group in AD it will not change in XG in the same time 
 after a little search on the internet the advises were to create groups locally on XG and add imported domain users to it,I did that but every time I restart the xg firewall all users escape to open group and I ve to reassign them again to their groups,how can I fix this issue????

Ronak Sheth · Answer

Hi Ramy, 
 Sophos XG works in Tight Integration with your AD server.  To achieve your requirement follow the steps in order. 
 1.All user should be the member of some security or distribution group of your AD. 
 2. Import group to your XG using the import wizard? 
 3. If user are in multiple group make sure you arrangement  group in correct order. XG will verify groups from top to bottem and assist to the first matching group. 
 If the user does not fall in any group XG will associate it with default group i.e. Open Group. 
 XG will reassign new group when user login using any login method. 
 For more clarification you can refer Sophos KB article

Good luck!!! 
 Regards, Ronak.