Active Directory backed groups to be usable in the Firewall configuration
We require the Active Directory backed groups to be usable in the Firewall configuration. In our environment we have a secure data centre housing our customers' servers. Our support manager or IT team assign rights to individual members of staff on a ticket-by-ticket basis for access to various parts of the hosted environments. For example, one support ticket may require Remote Desktop access, whereas another may require SQL Server access.
We have configured the relevant rules in the UTM to allow people in a specific AD group to connect to the Remote Desktop ports over the VPN. The membership in this AD group is closely audited and is handled by members of staff that have no reason to have access to the UTM for configuring Firewall Rules.
Therefore the current process not only requires that a member of staff is added to the AD group, but then a firewall admin must also add them to the relevant UTM rule. Obviously, once the support ticket is complete, the member is removed from the AD group and now also requires removing from the firewall.
Stefan Baumann commented
You have this feature right now. You can configure a group that uses Backend Memberships for exactly such purposes.