Sophos STAS need port 1220 to be open on client side

Question

Hello, 
 When i'm implementing Sophos transparent authetification, i found that the STAS agent run communication on port 1220. 
 But In documentation it mentioned that the agent need only port 135 and 445 to be open on the client side. 
 
 RODC (STAS) : 17.16.X.A 
 Windows Client : 172.16.X.T 
 TCP 172.16.X.A:52552 172.16.X.T:135 ESTABLISHED TCP 172.16.X.A:52553 172.16..X.T:135 ESTABLISHED TCP 172.16.X.A:52554 172.16..X.T:1220 ESTABLISHED

Vivek Jagad · Accepted Answer

That's weird, but you should check the complete working of the STAS in the following link below:
https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/125318/sophos-xg-firewall-best-practice-for-stas

This will clear your perspective of the working & configurations of STAS and the ports used...

BrucekConvergent · Answer

Don't need 1220 -- the information in the Best Practice doc linked above is accurate. I'm not Sophos, but I have been reselling/ implementing STAS since it came out for my customers.

Vivek Jagad · Answer

Hello, thank you for your query... The Active Directory Server should have the following ports open: 
 
 STA Collector > XG Firewall (UDP 6060) 
 XG Firewall > STA Collector (UDP 6677) 
 STA Agent > STA Collector (TCP 5566) 
 
 You only need to enable the following ports if you are using these methods: 
 Workstation Polling Methode (WMI) oder Registry Read Access : 
 
 Outgoing TCP 135 
 Outgoing TCP 445 
 
 Logoff Detection Ping : 
 
 Outgoing ICMP 
 
 STAS Collector Test : 
 
 Incoming/Outgoing UDP 50001 
 
 STAS Configuration Sync : 
 
 Incoming/Outgoing TCP 27015

Sophos STAS need port 1220 to be open on client side

Top Replies

Submitted a Tech Support Case lately from the Support Portal?