Remote STAS in bridge mode

Hello guys.

I'm approving an environment where we have Sophos in bridge mode.

The following scenario is being evaluated.

Office:

router <-> sophos fw(l2) <-> switches

Inside this office we have an AD with STAS, running and working.

Branch:
router <-> sophos fw(l2) <-> switches

This branch does not have an AD, so authentication will take place through the STAS installed in the office's AD.

What is the problem:

As it is configured in bridge mode the incoming connection hits the WAN zone and is denied by local_acl.

Unfortunately in the "Device Access" settings there is no way to allow it in the WAN zone. How could I release?



This thread was automatically locked due to age.
  • Hello Bharat J. Thank you for your time.

    This solution does not apply to my scenario. I have Sophos configured in bridge mode. I don't have a VPN zone.

  • Hi Gib GoDesk 

    STAS is not supported from the WAN zone, and as per your scenario, Sophos is configured in bridge mode, which has the below limitations:

    1) Virtual Private Network (VPN)
    2) Multi-Link Manager (MLM)
    3) DMZ Zones

    The shared link might not help, as there is not enough information on how exactly Sophos is deployed, only bridge mode or mixed mode. To check, go to Configure --> Network --> Interfaces configured currently.

    Further, it would be great if you contact  Sales Engineers or Partners to confirm that you meet your requirement with mixed mode and follow the link I have shared.

    Thanks and Regards 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • I haven't opened a case yet because it's under approval\test.
    Also prefer to bring the community to add knowledge.

    I'm not using mixed mode, the settings for bridge operation are correct. It does not need to participate in a network routing decision. I am aware of the STAS limit in the WAN zone. Exactly what I want to win.

    I'll wait a little longer, see if anyone in the community knows or has something similar. I'm waiting for something via console to solve.
    If not, I'll go to support and post the solution here.

    Thank you very much Bharat.
