Client Authentication Agent disconnects randomly.

Hi, we have an XG 135 with firmware version SFOS 18.0.4 MR-4 running in our office. We have a mix of clients using Windows 10, macOS 10.15 and 10.16, and Linux Ubuntu 20.04.

We are running the client authentication agent on each system to log in to the firewall. All the values that could disconnect a system, like the inactivity settings, are already increased to 300 minutes. But I can see in the logs that several systems are still being kicked out even within 5 minutes of logging in. Now I cannot understand the reason for this behavior.

One special thing: we are using the same user accounts for SSL VPN as well, so we cannot use clientless authentication.

Sophos support turned out to be pretty useless, as one of my tickets was already closed without proper communication and the second one has been lying without any attention for over a week.

Can anyone in the community please help!!

Thanks

Varun



  • FormerMember
    0 FormerMember

    Hi ,

    Apologies for the inconvenience caused.

    If you had concerns regarding a specific support case, please send your case number to me via PM and I'll be happy to help follow up.

    About the issue, could you please confirm a few configuration details? Have you imported users from your AD? Or configured local users on the firewall?

    How many simultaneous logins did you configure for users? Go to Authentication > Users > Click on specific user > find Simultaneous logins. If it's selected, use global settings, then go to Authentication > Services > Global settings. 

    If you could provide the access_server logs in debugging, that would help us identify the issue. 

    Follow this KB Article to SSH into the XG firewall: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

    Select Option 5 (Device Management) > Option 3 (Advanced Shell)

    Run this command to put the access_server service in debug:

    • service access_server:debug -d -s nosync

    Please check out the following KBA to locate and capture the logs: Sophos XG Firewall: Where to find log files?

    Once you capture the access_server logs in debugging, run the same command to put the access_server service in normal running mode. 

    Run this command to check service status:

    •  service -S | grep access_server

    SFVUNL_VM01_SFOS 17.5.11 MR-11# service -S | grep access_server
    access_server RUNNING,DEBUG

    Note down the logout timestamp for a specific user and PM me the logs with the username. 

    Thanks,

  • Hi H_Patel, Thanks heaps for responding to my post. Here's some info for you to troubleshoot -

    - Users were created directly in the firewall > Authentication > Users, so they were not imported from anywhere else, e.g. AD.

    - Global settings set to `Unlimited` for both Simultaneous login and Max Session timeout.

    Log file shared via private message.

    Timestamp values are -

    Feb 23 09:18:04.020042

    Feb 23 09:28:36.483342

    Let me know if I missed anything. Thank you.

  • FormerMember
    0 FormerMember in reply to varun singh

    Hi ,

    Thank you for the update. I replied to your message.

    Could you please provide the output of the following commands?

    ls -al /var/cores
    grep -i "segfault" /log/syslog.log
    grep -i "access_server started Successfully" /log/access_server.log

    Thanks,

  • Here's the output -

    XG135_XN03_SFOS 18.0.4 MR-4# ls -al /var/cores
    drwxrwxrwt    2 root     0             4096 Sep  6 17:23 .
    drwxr-xr-x   40 root     0             4096 Feb 23 07:53 ..
    -rw-------    1 root     0         84680704 Jun  9  2020 core.ConfigReload
    -rw-------    1 root     0          9588736 Jun 10  2020 core.fwcm-eventd
    -rw-------    1 root     0        608878592 Sep  6 17:23 core.snort
    XG135_XN03_SFOS 18.0.4 MR-4# grep -i "segfault" /log/syslog.log
    XG135_XN03_SFOS 18.0.4 MR-4# grep -i "access_server started Successfully" /log/access_server.log

    There was no output for the last 2 commands.

    Thanks

  • Same problem here! Exactly the same problem, hardware and software versions.

  • FormerMember
    0 FormerMember in reply to Matt Mentele

    Hi ,

    Please open a support case for in-depth troubleshooting and provide access_server logs in debugging while replicating the issue. 

    Thanks,