
Connection Resets/Drop off with AD Sync/STAS Enabled

This is an ongoing issue we have had for a couple of months now. Support have been in our system watching. We have pretty much confirmed the cause at our end, but want to see if anyone else has experienced this.

Our setup is an X210 with STAS enabled without the Auth Client installed.

Our rules do not have user-based policies enabled.

What we see are consistent dropouts on the network when firewall authentication is enabled at the service level. When this is removed, the issue goes away. We have confirmed this on one other site with a very similar setup.

Any ideas?



This thread was automatically locked due to age.
  • Bump. A couple of subscribers to this, so I'm sure other people are having the issue.

    If we disable STAS, the issue goes away.

  • We have similar issues and it relates to the Clients suddenly losing their authentication.

     

    That is, one minute the XG knows who they are and then it forgets and blocks, then remembers them again...

     

    Still working on why / how.

    STAS is needed in my case.

  • Hi,

    If I am correct, I saw this on a customer site as well. But they disabled STAS and everything was fine.

    They had STAS enabled without any configuration (which does not make sense), so they disabled it.

    So did you configure STAS as well with a correct DC or just enable it?

  • We have a similar issue. If you log in to the advanced shell, run "drppkt | grep 'Identity'" and see if you have any drops. I had a conversation with  and this was an unknown carryover from Cyberoam. The firewall is looking to authenticate the traffic even if the rule is not user based. It should be fixed in V17.2 hopefully. It is being tracked as NC-26440. You can disable STAS completely to get rid of the issue altogether or you can change the time for "learning" on the XG to reduce the issue.

    Mike

  • We're seeing this as well. In particular it's a pain in the butt (even with 1 second learning time). We would like to get users' names in the logs/reports using STAS, but when packets are dropped, breaking our remote desktop traffic, it becomes a huge pain. All our fw rules are not user authenticated at all. Thanks for the bug tracking number. I will also submit a ticket as well and reference that.

     

    Thanks,

    -Scott

  • Hello,

    I am also digging into this issue, as we are not using identity-based policy yet for our branches-to-HQ traffic flow. At first we didn't notice the issue as it happens randomly, until I simulated a test lab to replicate the problem with help from a Sophos support engineer. This is an unresolved bug and the ETA for the patch is not yet announced. Our STAS is currently enabled for our HQ web policy authentication, and the solution that worked for me is to define all the IP address ranges of our RED branches in the Clientless users definitions, and the issue is resolved.

    The Sophos support knowledgebase suggestion didn't work, until I ended up on the working solution.

     

    From Sophos support:

    It seems like the device is affected with the bug NC-26440.

    At the moment its resolution is provided in the below-mentioned KB article.

    -----------------------------------------
    Article ID: 125468
    Title: Sophos XG Firewall: Traffic dropped during user authentication
    URL: https://sophos.com/kb/125468