Add an External Server

On this page you can create one or more authentication servers. Follow the links to create them:

Active Directory

Active Directory (AD) is Microsoft's implementation of a directory service and is a central component of Windows 2000/2003 servers. It stores information about a broad range of resources residing on a network, including users, groups, computers, printers, applications, services, and any type of user-defined object. As such, it provides a means of centrally organizing, managing, and controlling access to these resources. The Active Directory authentication method allows you to register Sophos XG Firewall with a Windows domain, thus creating an object for Sophos XG Firewall on the primary domain controller (DC). Sophos XG Firewall is then able to query user and group information from the domain.
Note: Sophos XG Firewall supports Active Directory 2003 and newer.

Add Active Directory Server


LDAP, an abbreviation for Lightweight Directory Access Protocol, is a networking protocol for querying and modifying directory services based on the X.500 standard. Sophos XG Firewall uses the LDAP protocol to authenticate users for several of its services, allowing or denying access based on attributes or group memberships configured on the LDAP server.

Add LDAP Server


RADIUS, the acronym of Remote Authentication Dial In User Service, is a widespread protocol for allowing network devices such as routers to authenticate users against a central database. In addition to user information, RADIUS can store technical information used by network devices, such as supported protocols, IP addresses, routing information, and so on. This information constitutes a user profile, which is stored in a file or database on the RADIUS server. The RADIUS protocol is very flexible, and servers are available for most operating systems. The RADIUS implementation on Sophos XG Firewall allows you to configure access rights on the basis of proxies and users. Before you can use RADIUS authentication, you must have a running RADIUS server on the network. Whereas passwords are encrypted using the RADIUS secret, the username is transmitted in plain text.

Add RADIUS Server
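
The difference between the hidden password and the plain-text username is visible in the packet itself. The following Python sketch is an added example, not Sophos code: it builds an Access-Request using the User-Password hiding defined in RFC 2865 and parses it back. The user name, password and shared secret are constructed sample values.

```python
import hashlib
import os
import struct

USER_NAME, USER_PASSWORD = 1, 2  # RFC 2865 attribute types

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same keystream, chained on the ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(user, password, secret, identifier=1, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    def attr(kind: int, value: bytes) -> bytes:
        return struct.pack("!BB", kind, len(value) + 2) + value
    attrs = attr(USER_NAME, user)
    attrs += attr(USER_PASSWORD, hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", 1, identifier, 20 + len(attrs))  # code 1 = Access-Request
    return header + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    """Walk the type/length/value attributes that follow the 20-byte header."""
    (length,) = struct.unpack("!H", packet[2:4])
    attrs, pos = {}, 20
    while pos < length:
        kind, size = packet[pos], packet[pos + 1]
        if size < 2 or pos + size > length:
            raise ValueError("malformed attribute")
        attrs[kind] = packet[pos + 2:pos + size]
        pos += size
    return attrs

if __name__ == "__main__":
    pkt = build_access_request(b"alice", b"correct horse battery", b"constructed-secret")
    print("username visible on the wire:", b"alice" in pkt)
    print("password visible on the wire:", b"correct horse" in pkt)
```

Because the hiding is only an MD5 keystream keyed by the shared secret, the secret should be long and random, and RADIUS traffic is best kept on a trusted management network.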


TACACS+ (the acronym of Terminal Access Controller Access Control System) is a proprietary protocol by Cisco Systems, Inc. and provides detailed accounting information and administrative control over authentication and authorization processes. Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates these operations. Another difference is that TACACS+ utilizes the TCP protocol (port 49) while RADIUS uses the UDP protocol.

Add TACACS+ Server


Novell eDirectory is an X.500 compatible directory service for centrally managing access to resources on multiple servers and computers within a given network. eDirectory is a hierarchical, object-oriented database that represents all the assets in an organization in a logical tree. Those assets can include people, servers, workstations, applications, printers, services, groups, and so on.

Add eDirectory Server