Greetings all,
I have my Sophos XG 230 v18 setup to use STAS for Active Directory authentication using security groups for category based access. I also have a rule set up for a WiFi Network that doesn't match users and can't talk back to the regular internal network. When devices connect to that WiFi network, it seems there is a delay before they actually get internet access. I also have a separate LAN network setup on Port 6 on the XG for Biometric Clock and Tool vending machines that just go directly out to the internet as well. They bypass proxy/firewall and STAS as well. HOWEVER, I've found previous posts from 2-3 years ago with people having the same issue and it coming down to STAS creating the problem. My question is WHY is this happening, if the WiFi rule doesn't have match users set, and the LAN with clocks and machines goes directly out and doesn't match users either. Is STAS STILL trying to authenticate these devices? People reported in those previous posts that if you disable "restrict client traffic during identity probe" that it solved their problem, but wouldn't that also allow unrestricted internet prior to identity being verified?
I do want to note that people who are in rules that match users are fine. They get immediate access based on AD authentication and whichever group they're in. This is only on devices that don't authenticate through STAS.
This thread was automatically locked due to age.
