Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 27 subscribers
  • Views 1271 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple CAA Clients Not Able To Connect At The Same Time

lnxk

Running into an issue and I'm at a loss to find the answer.  Essentially when I first set up my XG firewall (Home User) I was able to successfully configure CAA access for all my endpoints and everything was working fine.  About 2 weeks ago the firewall started only letting 1 CAA client to connect at a time.  Every time the second user account logs in it disconnects the first user.  I've seen multiple questions regarding this over the last 4 years but the only answers I see is to put the logging for the access server into debug and look at the logs (which I have tried) but no answer on how to actually fix the issue.  The logs don't show me anything except that the endpoint was logged off but no reason why.  Ping & Pongs work fine to the endpoint so it's not connectivity related. As soon as the second user logs in it immediately logs out the first user each time even though they are totally separate accounts, multiple login for accounts are allowed and no mac lockdown is active.  Anyone have any thoughts on how to fix this?  It did work fine for the first 30 days that I had the firewall up.



This thread was automatically locked due to age.
Parents
  • 0

    Hello there,

    Thank you for reaching out!

    What version of the Firewall are you running?

    Is the time matching between the Firewall and endpoints?

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Time matches on all my endpoints.  I use NTP the keep them all in sync.  Problem started happening on SFOS 19.0.0 GA-Build317 so I upgraded to SFOS 19.0.1 MR-1-Build365 hoping it would fix the issue but the problem persists even after the update.  

  • 0 in reply to lnxk

    Hi lnxk

    Multiple users cannot stay login on to the CAA client, that is not possible, the user will get disconnected if another user login on CAA on the same system.

    if you still looking for a solution put your thoughts on the Feedback button on Sophos XG GUI available on TOP as per the snapshot 

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    I have "Unique" users.  "1" per "device".  I'm not sharing the same user on anything.  Even though they are unique though (User A & User B & User C) if User A is already logged in to CAA on Device A, User B logging in to CAA on Device B will log UserA out of CAA on Device A

  • 0 in reply to lnxk

    Hello Inxk

    Is my understangin that this was working properly on v18.5 MRx and then you upgraded to v19 and this issue started happening?

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    It was working on SFOS 19.0.0 GA-Build317 (no mention of 18 above) then it stopped working about 2 weeks ago so I upgraded to SFOS 19.0.1 MR-1-Build365 hoping it would fix the issue but it didn't.

  • 0 in reply to lnxk

    Hello there,

    Thank you for the clarification I got confused by this "Problem started happening on SFOS 19.0.0 GA-Build317"

    I have sent you a PM to get access to the logs.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to lnxk
    lnxk said:
    if User A is already logged in to CAA on Device A, User B logging in to CAA on Device B will log UserA out of CAA on Device A

    Generally, it should not happen I checked the same way with two Windows 10 systems User A did not get disconnected from Device A if User B logged in on Device B

    May I know more detailed info on the virtual platform on which Sophos XG is installed?

     Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to emmosophos

    @Emmosophos, yes, we can coordinate today.  I will reply to your PM.

  • 0 in reply to Bharat J

    Bharat, it is not a virtual machine.  It is a physical firewall device I have installed Sophos on.  And yes, I know it should not happen.  It was working for a month with 3 unique users and all of a sudden stopped working properly.

  • 0 in reply to lnxk

    Just to troubleshoot the issue have you checked by disabling firewall acceleration or rebooting the firewall?

    console>sys  firewall-acceleration show (by default it is enabled)

    console>sys  firewall-acceleration disable ( to disable for troubleshooting issue)

    console>sys  firewall-acceleration enable ( to revert back the changes)

    if you plan to reboot the firewall run console>sys fsck-on-nextboot ?

    Make sure you are taking regular backup of Sophos XG below your test. Share the feedback if you encounter any error message on CAA once user gets disconnected share with a screenshot too.

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    I will try later.  Currently acceleration is enabled and was on while even when it was working.  Firewall has been rebooted multiple times during the firmware upgrade.

Reply Children
No Data
Unfiltered HTML