The firewall distinguishes between end users, who connect to the internet from behind the firewall, and administrator users, who have access to firewall objects and settings.

When you add (register) a user, you specify the user type and associate the user record with a group. A user can belong to more than one group.

The user inherits the group policy, but if you select both the user and the group in a rule, the user's policy overrides the group policy. For example, if the user and the user's group are selected in a firewall rule, the user's policy applies. If only the group is selected, the group policy applies.

  • To import or export user records, see Backup and firmware > Import export. Exported configurations are in .xml format.
  • To import user records from an Active Directory server, see Authentication > Servers.
  • To remove the records of Active Directory users who aren't present in the domain, click Purge AD users. To remove the user records from XG Firewall, you must first remove the users from your AD server.
    Note: If high availability is configured, user records are deleted from both the primary and the auxiliary devices. The purge doesn't interrupt user sign-in, sign-out, or accounting events.
  • To change user status from active to inactive (and back), select a user, and click Change status.