This discussion has been locked.

CTAS / STAS interop

This has previously been a (mostly) Cyberoam site. We are now setting up our first Sophos XG 115. CTAS 2.1.2.5 is in place and working.

Will Sophos devices work with CTAS?

Will Cyberoam devices work with STAS?

If I install STAS over CTAS, will the configuration migrate to STAS?

TIA



  • Hi  

    We are sorry for the inconvenience caused!

    If you are running with Sophos XG firewall, I would recommend you to install STAS in the AD server for a seamless experience for STAS authentication for the users.

    I would also recommend you to bypass ports such as 6060, 6677 from the AD server's local firewall.

    Please make sure that the Kerberos authentication event is enabled for success and failure events.

    Please refer to this article for the configuration: https://community.sophos.com/kb/en-us/123156

    Please contact us for any further assistance for the STAS, we are happy to help you.

  • Thank you, Keyur and FloSupport.
    We have a mix of Cyberoams and Sophos. Until we're 100% migrated to Sophos, we need a solution for both devices. So your answer returns us to my original questions:

    (Don't know how that text became purple; other than that it was pasted from a Win 10 Sticky Note, where it was black text!)

    Will Sophos devices work with CTAS? (Empirically, yes, because we're doing it...but is it supported?)

    Will Cyberoam devices work with STAS?

    If I install STAS over CTAS, will the configuration migrate to STAS?

    Thanks.

  • Hi  

    Unfortunately, you have to use separate authentication software for Cyberoam and Sophos.

    STAS for Sophos and CTAS for Cyberoam.

    No configuration migration will happen, nor is there a feature available to migrate the configuration from CTAS to STAS or vice versa.

    I will contact the concerned team and if any possibilities are there as per your requirement, I will inform you further.

  • Keyur, the concerned team needs to know that because both CTAS and STAS would be required in our scenario, CTAS and STAS would have to share the same DCs. If guidance is required on that beyond using non-default ports for one or the other, please let me know.

    I can see this quickly becoming a nuisance. This client is pretty dynamic about setting up and taking down remote sites. We will have legacy Cyberoams around until end-of-support.

    I don't really like running ANY software on a DC--much less TWO programs that are identical except for the icon and the first word in the title bar!

  • You could actually run STAS on a second server and simply fetch the Logs.

    STAS 2.5 is able to be installed on another server and fetch all the DC Logs.

    https://community.sophos.com/kb/en-us/133531

    Maybe this helps. 

  • Thanks, LuCar, I did not know that. That would let me keep STAS off the DCs and use default ports throughout to simplify deployment.

    It doesn't address keeping the relevant portions of CTAS & STAS configs synchronized, so I'm still hoping Sophos will provide a more sensible migration path. Even if that requires migration to STAS, and Sophos supporting using Cyberoam CRs against it.

    That said, I'd speculate that the config sync works between CTAS and STAS, just as Sophos XG can clearly obtain logon data from CTAS.

  • Hi  

    I would request you to open a service request for further assistance on your requirement.

    Please message us the service request number. 
