Sophos XG: How to configure authentication domain user using Synchronized User ID on firmware version 18

Overview

Synchronized User ID shares the account of the user logged in on an endpoint with the firewall over Security Heartbeat. The firewall checks that user account against the configured AD server and activates the user. Synchronized User ID only works with an Active Directory that is configured as an authentication server on XG Firewall, and it currently supports Windows 7 and Windows 10 machines.

The article explains how to configure Synchronized User ID according to the following diagram:

How to configure

Step 1: Install the Sophos Endpoint Protection software on the domain users' machines

Step 2: Add Sophos Central account to XG Firewall device

  • Log in to Sophos XG with the Admin account
  • Central Synchronization -> Register
  • Enter the Username and Password of your Sophos Central account -> Click Register
  • After you have registered your Sophos Central account, the Security Heartbeat feature is activated

Step 3: Add the AD server to the firewall so that it can authenticate users

  • Authentication -> Servers -> Click Add
    • Server type: Select Active Directory
    • Server name: Enter a name for the server you want to manage
    • Server IP/domain: Enter the IP address of the AD server
    • Port: 389
    • NetBIOS domain: Enter the NetBIOS name of the AD domain
    • ADS user name: Enter the administrator account
    • Password: Enter the password of the administrator account
    • Connection security: Select Simple
    • Display name attribute: Enter the name for the server you want to manage
    • Email address attribute: Enter the email you want (can be left blank)
    • Domain name: Enter your domain name
    • Search queries: Enter the domain name in DN form (Ex: dc=vacif,dc=com)

-> Click Test connection -> Click Next

Step 4: Add the group containing the users you want to authenticate to the firewall

Click the Import icon

Click Start

In the Base DN section: Enter the domain name in the form dc=vacif,dc=com

  • Select the groups you want to import
  • Customize the group policy as needed

-> Click Next to continue
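The values entered in Step 3 (server IP, port 389, Simple connection security, the administrator bind account) and the Base DN used in Step 4 can be verified from any workstation before they are saved on the firewall. The script below is an added example and is not Sophos code: it derives the Base DN from the DNS domain name, checks that the AD server actually listens on the chosen port, and builds the ldapsearch command that performs the same simple bind the firewall will perform. The server address 192.0.2.10 and the bind account administrator@vacif.com are constructed sample values; only the vacif.com domain comes from the article. Note that "Simple" connection security on port 389 sends the bind credentials in cleartext, so the example also builds the LDAPS (ldaps://, port 636) variant for comparison.

```python
"""Pre-flight checks for the AD authentication server settings in
Steps 3 and 4.  Added example, not part of the Sophos XG product."""
import socket
import shlex


def domain_to_base_dn(domain: str) -> str:
    """Turn an AD DNS domain (vacif.com) into the LDAP search base the
    firewall expects in Search queries / Base DN (dc=vacif,dc=com)."""
    labels = [lbl for lbl in domain.strip().strip(".").lower().split(".") if lbl]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"dc={lbl}" for lbl in labels)


def is_valid_base_dn(base_dn: str) -> bool:
    """Every component of a domain Base DN must be a non-empty dc= RDN."""
    parts = [p.strip() for p in base_dn.split(",")]
    return all(p.lower().startswith("dc=") and len(p) > 3 for p in parts)


def port_reachable(server: str, port: int, timeout: float = 3.0) -> bool:
    """TCP connect to the AD server on the port entered in Step 3.
    Returns False on refusal, timeout or DNS failure instead of raising."""
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_ldapsearch_command(server: str, port: int, bind_user: str,
                             base_dn: str, use_tls: bool = False) -> list:
    """Build an ldapsearch invocation that mirrors the firewall's settings:
    -x is a simple bind (the 'Simple' connection security option), -D/-W
    are the ADS user name and password, -b is the Base DN.  With use_tls
    the URL becomes ldaps:// so the bind is not sent in cleartext."""
    scheme = "ldaps" if use_tls else "ldap"
    return ["ldapsearch", "-H", f"{scheme}://{server}:{port}", "-x",
            "-D", bind_user, "-W", "-b", base_dn,
            "(objectClass=group)", "cn"]


def preflight(server: str, port: int, domain: str, bind_user: str) -> dict:
    """Collect everything an admin wants to know before clicking
    'Test connection' on the firewall."""
    base_dn = domain_to_base_dn(domain)
    return {
        "base_dn": base_dn,
        "base_dn_ok": is_valid_base_dn(base_dn),
        "port_open": port_reachable(server, port),
        "cleartext_bind": port == 389,   # Simple security on 389 = plaintext
        "ldapsearch": shlex.join(
            build_ldapsearch_command(server, port, bind_user, base_dn)),
        "ldapsearch_tls": shlex.join(
            build_ldapsearch_command(server, 636, bind_user, base_dn,
                                     use_tls=True)),
    }


if __name__ == "__main__":
    # Constructed sample values; replace with the real AD server details.
    for key, value in preflight("192.0.2.10", 389, "vacif.com",
                                "administrator@vacif.com").items():
        print(f"{key:15}: {value}")
```

Run it from a domain-joined workstation, then paste the printed ldapsearch line into a shell: if the bind succeeds and returns the expected groups, the same values will pass the firewall's Test connection in Step 3 and the group import in Step 4.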

Step 5: Adjust the Services configuration so that the firewall authenticates users against the AD server

Authentication -> Services

Under Firewall authentication methods:

  • Check your AD server and uncheck Local (or keep AD and Local both checked and move AD above Local; do not deselect Local)
  • Under Default group: Select the OU or group you added

-> Click Apply

Step 6: Check that the user is authenticated on the system

  • The domain user is displayed with a Heartbeat status when they log in to their account and access the network
