AD integration - Substantial Improvements desired/required
XG Integration with Windows AD is extremely weak.
1. XG needs to support users being a member of multiple Groups
XG needs to add users to multiple Groups during AD Sync/import. Currently it (a bit weirdly) choose the alphabetically first Group in those being imported to add the user to.
XG needs to have an ability to refresh the group membership, where appropriate taking
users OUT of groups if they are no longer present.
4, XG needs a means of automatically (scheduled?) re-syncing the AD Users/Security Groups/Group membership; I think the Sophos Central integration is pretty much what is required in the XG.
Lucar Toni commented
Actually both requests are implemented into XG Firewall.
XG knows all backend groups and match them against firewall / proxy etc.
It syncs all groups while authentication - This method should be more efficient compared to a static scheduled task. Each and every authentication process (you login, STAS refresh the auth etc.) will resync all groups.
It is a pity that this function is not implemented / extended. I have many customers who still have an SG in use. Without this function, a migration to XG is unfortunately not possible.
The AD integration in the SG works much better.
Hi. Can you tell me whether these features have been implemented in XG V18? Nothing is, as yet, shouting out but I may have missed something.
Hope you can give me some good news.
If not yet implemented, can you tell me when (that's hopefully not it, but when...) it will be as it is so very much needed.
So much this. The XG firewall needs to work similar to Synology in that you can set how often it refreshes the AD domain info.
Kyle Winfield commented
Also sync users via UPN and not just sAMAccountName.