The firewall distinguishes between end users, who connect to the internet from behind the firewall, and administrator users, who have access to firewall objects and settings.

You can configure user records manually. Alternatively, the firewall adds a user listed on the authentication server the first time it authenticates that user, and places the user in the groups you imported from the authentication server.

When you add (register) a user, you specify the user type and associate the record with a group. The user inherits the policies defined in the group, but the user's policy overrides the group settings.

  • To import or export user records, see Backup & firmware > Import export. Exported configurations are in .xml format.
  • To change user status from active to inactive (and back), select a user and click Change status.
  • To remove Active Directory users who are not present in the domain, click Purge AD users. To remove the user records from XG Firewall, you must first remove the users from your AD server.
    Note: If high availability is configured, users are deleted from both the primary and the auxiliary device. The purge does not interrupt user sign-in, sign-out, or accounting events.
  • To see the user's group memberships, go to Authentication > Users, click the user and see the settings under policies. Under Remote access VPN, you can see the SSL VPN and clientless SSL VPN policies assigned to the user's groups. For more information about how XG Firewall applies rules and policies to groups, see Group membership behavior with Active Directory.