Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 28 subscribers
  • Views 12732 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Frequent logging out of users in Sophos XG Firewall

akshay_r

We are facing a problem of users getting logged out quite often and reopening of the captive portal again and again in a very short interval. I will be describing my scenario in detail below

  • We have ~9000 users in our system
  • We have 2 XG 750s in Active-Passive HA configuration
  • I have tried the scenario for a user with:
    • No filtering policies
    • No login restrictions in terms of number of simultaneous logins or IP restrictions
    • Not an administrator user

For some log, I have tried using Sophos Client for Linux (CAA) and whenever I get disconnected, I get the message in the client as :
You have been disconnected by the Administrator.
and the client even gets terminated!

We have even seen the same message in the Network Agent app for Android.

Point being

  • I am the administrator and I haven't disconnected anybody.
  • We have not made any changes to the firewall when the message occurs.

I would like to know what all are the scenarios when this message can come (obviously other than when the Administrator actually disconnects) so that we can narrow down the problem.

We have been facing this problem on both wired (~40000 LAN points) and wireless (~800 access points [not by Sophos])

Regards,



Edited Tags
[edited by: Erick Jan at 2:00 AM (GMT -7) on 16 Sep 2022]
Parents
  • 0

    Same issue here. I've also opened a couple of tickets on it and support doesn't see any issues. I'm the only person that manages our firewalls and I'm getting messages that I've been disconnected by the administrator when I'm not even doing anything on the firewall. We did resolve some connectivity issues by disabling application control. No idea why that was affecting anything, but one of the support guys stumbled on it while I was on a session with him. We tested thoroughly and just by setting app control to "none" on all of our firewall rules we saw a huge improvement in random network drops. Support couldn't explain it, said they'd investigate and escalate blah blah blah. Never heard back from them, so still have app control completely disabled.

Reply
  • 0

    Same issue here. I've also opened a couple of tickets on it and support doesn't see any issues. I'm the only person that manages our firewalls and I'm getting messages that I've been disconnected by the administrator when I'm not even doing anything on the firewall. We did resolve some connectivity issues by disabling application control. No idea why that was affecting anything, but one of the support guys stumbled on it while I was on a session with him. We tested thoroughly and just by setting app control to "none" on all of our firewall rules we saw a huge improvement in random network drops. Support couldn't explain it, said they'd investigate and escalate blah blah blah. Never heard back from them, so still have app control completely disabled.

Children
  • 0 in reply to RyanDonohue

    As per suggestions above, the support team noticed that writes to the database were failing constantly (error being unable to connect to the database) and the team released an explicit patch for our firewall which fixed the database issue and since then we haven't faced the issue.