Sophos XG Azure AD



If you do not have MFA enabled for your Office 365/Azure AD account, you can enable it through the following link or use a conditional access policy to enforce MFA for user accounts. Only a push message through the Microsoft Authenticator app or a phone call can be used for 2-factor authentication with SSL VPN/Sophos Connect.

In Sophos Central, in the left-hand pane, select Settings. On the Settings page, under Administration, select Azure AD Sync Settings/Status. On the Azure Sync Settings/Status page, select Edit. In the Edit Azure AD Sync dialog box, enter the following information, which you obtained when you set up your Azure applications.

The same set of Azure AD DS features exists for both environments. Azure AD Domain Services offers an LDAP interface to XG that can replicate the working of an on-premise Active Directory. This article assumes there is an existing Azure AD environment in place.

You can import users and user groups using a directory service to Sophos Central.

In Settings, on the Active Directory Sync page, you can select the directory service you want to use.

  • There is a link so you can download the latest installer for setting up synchronization with Active Directory.
  • In Endpoint Protection and Email Gateway you can use Azure Active Directory synchronization instead.
    Note: If you are using Office 365, you must use Azure Active Directory synchronization.

For instructions on setting up Active Directory synchronization, see the Active Directory setup instructions. Once you have set up synchronization you can review its status and other settings.

For instructions on configuring Azure Active Directory synchronization, see the Azure Active Directory setup instructions. Once you have set up synchronization you can review its status and other settings.

Note: Azure Active Directory synchronization does not support Azure Active Directories that contain data migrated from on-premise Active Directories.

Note: Sophos Azure Active Directory synchronization can be used with Sophos Endpoint Protection and Sophos Email. It has not been tested with other Sophos products.

Overview

  • This article describes the steps to integrate Sophos Firewall with Active Directory (AD) for user authentication and access control.

Determining NetBIOS, Domain Name and Search Queries

  • From Active Directory, go to Start > Administrative Tools > Active Directory Users and Computers. Right-click the required domain and go to the Properties tab.
  • Search queries are based on the domain name (DN). In this example, the domain name is sophos.com, so the search query is: dc=sophos, dc=com

Adding AD to Sophos Firewall

  • Log in to the Sophos XG Firewall Web Admin console at https://<your firewall IP>:4444
  • Username (default): admin.
  • Password (default): admin (you can change the password).
  • Go to Authentication > Servers and click Add to configure the Active Directory.
  • Fill in the Active Directory parameters in the fields (use your own AD parameters; the values shown are only an example).

Setting AD as the primary authentication method

  • Go to Authentication > Services, under Firewall Authentication Methods, select the recently added AD server as the primary authentication server.
  • Local server is selected as primary by default. Make sure that the recently added AD server is the first in the Selected Authentication Server list.

Importing AD groups

  • Go to Authentication > Servers and click on the icon to launch the wizard.

  • Enter the Base DN. In this example the Base DN is: dc=sophos, dc=com (enter your own Base DN).
  • Select the OUs and groups to be imported in Sophos Firewall.

  • Optionally, select common policies to attach to the selected groups.

  • Review the settings.
  • The Wizard has imported the selected groups into Sophos Firewall and added them to the bottom of the groups list.
  • Results