XTM525 and active directory

[dmna007]

Hi, i'm migrating away from our checkpoint to a new XTM525, im trying to get integration with active directory set up as I am hoping I can create firewall rules based on active directory users like I did on the checkpoint

Under authentication server I have setup our domain on the active directory tab and as far as I can tell it is correct

Now I cant work out where I can view and add the AD users - any ideas?

Thanks, Damien

 

[hairlessupportmonkey]

the WG knowledge base and also the off-line help file is a great source of help and tutorials.

http://customers.watchguard.com/articles/Article/3147/?q=active+directory&l=en_US&fs=Search&pn=1

ACSS - SME
General Geek

 

[hairlessupportmonkey]

There is also a single sign on agent you can install on the DC so users only have to authenticate once via their normal login process. You can then create policies to allow access to internal server / services via authenticated users. Its quite nifty.

ACSS - SME
General Geek

 

[dmna007]

Hi thanks, I have followed the installation instructions but what I need to do now is add a rule for a specific AD user and thats the part im stuck on

eg I need to allow Clive (An AD user) outbound access using protocal SMTP to his email server.

I want the rule to apply to Clive's AD user account opposed to a pc account because Clive uses multiple Pc's

The problem I have is I dont know where to find Clive's user account when setting up the rule?

Thanks, Damien

 

[buwrito]

What we've done is setup AD groups and setup rules based on the groups. Before you can create a watchgaurd firewall rule based on a group, you have to go into system manager and add the group. (Setup -> Authentication -> Authorized Users/Groups) Add the group with the exact same spelling as AD has it. (Can't use spaces) If you have AD setup correctly, you'll then be able to create rules based off these groups.