In the XG firewall you can allow administrative access for a security group in AD; this is different from what you have seen in the UTM appliances. Initially, when you integrate the firewall with Active Directory and import the groups, the XG firewall imports only the groups and not the users inside them. The bottom line is that Active Directory users can log in to the XG firewall using their domain accounts, but a couple of steps were added to this. If a user xyz@domain.com would like to manage the appliance, there were 2 additional steps added before we can achieve this.

Step 1: Go to System > Authentication > Authentication Services. Make sure the Active Directory server that was added earlier is selected under both Administrator Authentication Methods and Firewall Authentication Methods.

Step 2: The admin user from AD has to log in to the user portal at https://<IP of XG firewall> if connecting from the WAN, or simply log in to the captive portal if the admin user is behind the firewall. The intention behind this is that the firewall will automatically create the user account for the admin user.

Step 3: The super admin user has to approve all the admin users from Active Directory manually. This can be done under Objects > Identity > Users (this is just for additional security reasons). A screenshot is attached below for your reference.