If you have XTM devices at two sites connected with a branch office VPN tunnel, and you have an Active Directory server at one of the sites, you can enable users at both sites to use the same Active Directory server for authentication. To do this, you can add tunnel routes to the configuration of both devices as described below.
For example, consider an organization that has XTM devices at two sites, Site A and Site B. The Active Directory server is located at Site A. The administrator wants the XTM device at Site B to use the Active Directory server at Site A to authenticate its local users.
At Site A, you must add a tunnel route for traffic through the BOVPN tunnel from the Site B network to the local Active Directory server.
At Site B, you must add the matching tunnel route for traffic through the BOVPN tunnel from the Site B network to the Active Directory server at Site A.
Configure Active Directory authentication on the Firebox or XTM device at Site B as described in Configure Active Directory Authentication.
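The two tunnel routes described above must mirror each other: the Local side of the Site A route is the Remote side of the Site B route, and the reverse. The following Python helper, added here as an illustration rather than WatchGuard code, builds both routes from the two site networks and the Active Directory server address, checks that they mirror, and tests whether a given Site B client's authentication traffic would match the Site B route. The subnets and host addresses are constructed sample values, and the Local/Remote field naming is assumed to follow the BOVPN tunnel route settings.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class TunnelRoute:
    """One BOVPN tunnel route as seen from a single device."""
    local: object   # network on this device's side of the tunnel
    remote: object  # network reached through the tunnel


def ad_tunnel_routes(site_a_lan: str, site_b_lan: str, ad_server: str):
    """Return (Site A route, Site B route) that let Site B clients reach
    the Active Directory server at Site A through the tunnel."""
    lan_a = ip_network(site_a_lan, strict=True)
    lan_b = ip_network(site_b_lan, strict=True)
    ad_host = ip_network(f"{ad_server}/32")  # a single-host route is enough
    if not ad_host.subnet_of(lan_a):
        raise ValueError(f"AD server {ad_server} is not inside Site A LAN {site_a_lan}")
    if lan_a.overlaps(lan_b):
        raise ValueError("site LANs overlap; tunnel routes would be ambiguous")
    # Site A device: local = the AD server, remote = the Site B network.
    route_a = TunnelRoute(local=ad_host, remote=lan_b)
    # Site B device: local = the Site B network, remote = the AD server.
    route_b = TunnelRoute(local=lan_b, remote=ad_host)
    return route_a, route_b


def routes_mirror(route_a: TunnelRoute, route_b: TunnelRoute) -> bool:
    """True when each device's Local side is the other device's Remote side."""
    return route_a.local == route_b.remote and route_a.remote == route_b.local


def traffic_matches_route(src_ip: str, dst_ip: str, route: TunnelRoute) -> bool:
    """True when a packet from src_ip to dst_ip is selected by this device's route."""
    return ip_address(src_ip) in route.local and ip_address(dst_ip) in route.remote


if __name__ == "__main__":
    # Constructed sample values: Site A LAN, Site B LAN, AD server at Site A.
    a, b = ad_tunnel_routes("10.0.1.0/24", "10.0.2.0/24", "10.0.1.10")
    print("Site A route:", a)
    print("Site B route:", b)
    print("routes mirror:", routes_mirror(a, b))
    print("Site B client can reach AD:", traffic_matches_route("10.0.2.55", "10.0.1.10", b))
```

A Site B client whose traffic does not match the Site B route (for example, a destination other than the AD server host) is not sent through the tunnel, which is the usual cause of authentication timeouts after this setup.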
After you complete these steps, the XTM device at Site B can use the Active Directory server at Site A to authenticate local users.