
V18 / STAS - Authentication

Hey guys,

 

Is there a better mechanism in development than STAS in its current form?

95% of my Firewall issues relate to STAS and it deciding not to work as needed. Ideally going back to the UTM style suits me fine rather than reading events.

My laptop users are the worst as they close the lid and bring it to work, which doesn't create the logon event needed. iOS / Android is a whole other ball game, as is any PC not on our domain.

 

I heard Sophos are looking at a better way but I see in V18 STAS remains unchanged.

 

What are the plans - anyone aware?



  • Hi  

    As of now, there is no information available on a new feature for the STAS version.

    If you could share details on your issue, we will try to provide the best solution possible.

  • PS: UTM "style" will not solve your issue at all. 

    UTM style is Kerberos, which is included in V18. But Kerberos depends on HTTP (Web Traffic). Your client needs to log in and open a Web application to get authenticated. UTM only needs Kerberos for Web traffic (proxy), so it does not matter there. But XG, as a "Layer 8 Firewall", depends on the first packets already being authenticated.

    A better approach could be Synchronized User ID (with the Central Endpoint). It moves the authentication to the Endpoint and relies on the information provided by the Central Endpoint.

    Or you move to Kerberos and use it only for Web Traffic.
