User Authentication for web policies

Deploying XG and trying hard to implement authentication using Kerberos/NTLM auth, but I find it to be very frustrating, and it is causing internal traffic to be blocked. Considering switching to STAS. Anyone have experience implementing either/both on a 'standard' Active Directory network? I have a dozen or so internal VLANs. Traffic needs to be able to pass between these subnets. I also have a handful of non-domain-joined devices from which users will need to be able to access certain websites. In this case they are not considered authenticated users but should still be subject to web policies.

When I tried implementing STAS on my 2 domain controllers I discovered the hard way that it spams the hell out of your domain controller's event logs. Practically every second of every hour of every day is full of continuous error events. If I recall, this is due to the fact that there are plenty of devices on the network that are not domain-joined, or something to that effect.

Hoping to hear from anyone who has successfully implemented either authentication method.

  • STAS basically grabs the authentication / deauthentication events from the DC and forwards the recognized users to the XG firewall(s).
    So there should be no events for unauthenticated devices ...
    The now known users may be used within firewall rules.
    But I have one problem too. With "Enable user inactivity" within the STAS settings, the timeout of 3 minutes (default) is too short and users are deauthenticated often.

    Can you show us an example of STAS logs within your event log?
