Hi all,
I have a quick question regarding the LDAP/AD authentication backend feature for the XG firewall.
Am I just stupid or is it not possible to restrict the LDAP/AD VPN users for SSL VPN to a specific AD security group?
The Sophos SG-UTM was able to limit different SSL VPN profiles to specific backend memberships. Any options to do the same on XG?
You can assign an AD group to an SSL VPN profile, yes.
No profile, no VPN access.
And you can add the firewall rules based on groups and users and limit the access even further.
Thanks for the feedback and sorry for the late response.
As you and crafty described, it is possible to limit the VPN access through profiles and rules, but it seems not possible to limit the users that are able to log in to the User Portal in the first place.
So every user under the configured AD OU is able to log in to the User Portal regardless of the group membership.
Ever figure it out? I'm having the same issue and having to use profiles to restrict access to the VPN, but I want to keep users from logging in if they are not in the AD security group. Found a couple of instances from Sophos that make it sound like an LDAP query should make that happen, but anything other than top level domain makes logins not work all around. Frustrating.