Remote STAS in bridge mode

Hi Gib GoDesk

The below link shows the possible way to allow branch office users to automatically authenticate with the head office Active Directory server with clientless SSO (STAS)

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles/AuthenticationAllowSTASOverVPN/index.html#prerequisites 

Regards

Hello Bharat J. Thank you for your time.

This solution does not apply to my scenario. I have sophos configured in bridge mode. I don't have a VPN zone.

Hi Gib GoDesk 

STAS does not support from WAN zone, and as per your scenario, Sophos is configured in bridge mode which has the below the limitation:  1)   Virtual Private Network (VPN) 2)   Multi-Link Manager (MLM) 3) DMZ Zones where the shared link might not help as not enough information how Sophos exactly deployed only bridge mode or mixed mode to check go to  Configure -->Network --->Interfaces configured currently. 

Further, it would be great if you contact  Sales Engineers or Partners to confirm that you meet your requirement with mixed mode and follow the link I have shared.

Thanks and Regards 

I haven't opened a case yet because it's under approval\test.
Also prefer to bring the community to add knowledge.

I'm not using mixed mode, the settings for bridge operation are correct. It does not need to participate in a network routing decision. I am aware of the STAS limit in the WAN zone. Exactly what I want to win.

I'll wait a little longer, see if anyone in the community knows or has something similar. I'm waiting for something via console to solve.
If not, I'll go to support and post the solution here.

Thank you very much Bharat.