Deploying XG and trying hard to implement authentication using Kerberos/NTLM auth, but I find it to be very frustrating and causing internal traffic to be blocked. Considering switching to STAS. Anyone have experience implementing either/both on a 'standard' Active Directory network? I have a dozen or so internal VLANs. Traffic needs to be able to pass between these subnets. I also have a handful of non-domain-joined devices that users will need to be able to access certain websites. In this case they are not considered authenticated users but should still be subject to web policies.
When I tried implementing STAS on my 2 domain controllers I discovered the hard way that it spams the hell out of your domain controller's event logs. Practically every second of every hour of every day is full of continuous error events - if I recall this is due to the fact that there are plenty of devices on the network that are not domain-joined. Or something to that effect.
Hoping to hear from anyone who has successfully implemented either authentication method.