Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1200 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Setup STAS Suite on a Member Server and need to know which firewall port to open on Domain Controller

MrMojoRisin76

First, I wish Sophos would put out an article that explicitly states everything that needs to be done to get STAS working properly. Right now, it seems as though you have to piece together various articles in order to get this to work.

My situation is this, I install the STAS Suite on a Member Server, not directly on the DC. I need to know which firewall ports need to be open on the DC in order for the STAS Suite to communicate from the member server to the DC.

Does anyone know this information and if so, thank you in advance!



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to MrMojoRisin76

    There is a collector and a agent. 

    The collector part communicate to XG. the agent communicate to the DC. 

    You can split both up. And with STAS 2.5, you can place both on a external server, not DC. 

    Agent will use the Authentication, to login to DC to get the login information. As far as i know, this should be port 139. (Basic Auth). 

    You should not see XG itself logged in. Thats odd, but you can investigate this further by looking into the STAS live log. 

  • 0 in reply to LuCar Toni

    In the case of multiple domain controllers, do you need to have one agent per DC?

    https://support.sophos.com/support/s/article/KB-000035730?language=en_US

    This page hasn't been updated for 2.5 apparently so it is unclear how the agent communicates with multiple DCs.  There are two seemingly conflicting configuration boxes on the Agent page.  

    Domain Controller IP
    Domain Controller to be Polled

    The documentation appears to indicate we should be using "Domain Controller IP" but there is only one IP to enter.