
STAS Authentication not working properly with Windows 10

Hi all,

 

We are running Citrix VDIs under Windows 7 with STAS authentication to our XG Firewall (XG430 (SFOS 17.5.11 MR-11.HF052220.1)).

The Windows 7 VDIs are working fine - after login the user is logged in the STAS client under "live Users". The user is also authenticated in the firewall with Client Type "STAS".

When I browse to a page via Internet Explorer, for example www.google.de, and look into the Webfilter log, I see the requested URL, the username of the user wanting to go to the URL, and the IP of the machine.

 

Now to the problem - under Windows 10 the user also gets logged in the STAS client under "live Users". The user is also listed in the firewall as an authenticated user with Client Type STAS. Now when I browse to a webpage from the Windows 10 machine the user is logged in to and look at the Webfilter log, I see that there is no username logged.

 

This causes our default Webfilter which allows no traffic to be triggered.

However, when I look at the Authenticated Users, my user is listed on the very same IP, as authenticated with STAS.

 

 

How can it be that my user is authenticated in the firewall to the correct machine IP, but when browsing the XG loses the credentials?

 

I am at my wits' end and would greatly appreciate some tips!



  • FormerMember

    Hi  

    Could you please provide details of your firewall rule? Do you have different firewall rules for Windows 7 and Windows 10 users?

    Thanks,

  • Hi ,

     

    Thanks for your reply!

     

    The Windows 10 and Windows 7 users are using the same rules.

    Windows 7 and Windows 10 VDIs match into a rule which allows HTTP and HTTPS traffic to WAN. The box "Match known users" is ticked for that rule and there's a Webfilter set which allows Internet sites except social media and inappropriate/scam sites.

    The Windows 7 and Windows 10 machines are located in the same subnet, which is set under source zone.

     

    If this rule is not matched because there is no authentication, another rule matches with the same source zones which allows ICMP and certain certificate checks to WAN, but there a Webfilter is set which denies each and every website to be browsed to - hence authentication is essential to be able to set up on the Windows 10 VDIs.

     

    I hope these are enough details?

     

    Regards,

    Sebastian
