Connecting to AWS directory service over SSL

0

Hi,

We are using Sophos firewall, and we followed their steps and enabled the CA module: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/137078/sophos-firewall-a-quick-guide-for-ldaps-ad-integration-with-windows-server-2022-2019-2012

But ldp is still not able to connect over SSL. Any idea what can be wrong? Or does AWS directory service need different settings?

Pravin
posted 5 months ago, 160 views
2 Answers
0

Hi,

Are you aware of https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/GettingStarted/DeploymentOptions/DeployAWS/index.html (and other related documents at the bottom)?

It's a step-by-step guide to instantiate Sophos firewall on AWS.

Additionally, if you look at https://doc.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/Servers/AD/AuthenticationADServerAdd/index.html, there is an option to avoid TLS and start with plain text. You may want to start your test without encryption to validate the rest of your setup and then focus on SSL when the first part is working.

Re. your specific question, if I understand it correctly: I guess that you want to set Secure Channel Cipher to TLS 1.1. See https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_directory_settings.html

Best,

Didier

AWS
EXPERT
answered 5 months ago
0

This is our guide for enabling LDAPS on AWS Managed Microsoft AD. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_ldap_server_side.html

AWS
answered 4 months ago
