Why can this user or computer access the internet?!

Hello All,

With Sophos XG in the company

AD authentication (STAS and CAA)

I have maybe 40 FW rules LAN > WAN, but all these rules are with "match known users", so users or groups are present

there is no rule which allows a PC MAC address, a PC IP address, or no authentication

So by chance I had a computer joined to the domain, but I opened a local session, not a domain session, with the local administrator account

then I tried the Google web browser and it accessed the internet directly!!

there is no rule matching the user administrator account, and I opened a local session on the computer!

normally I would have two options:

1- no internet access, or

2- redirecting to the web portal (for authentication)

but none of these two options

In this case, everyone who has a computer and connects it to the network can access the internet!!?

what happened?

Thank you for your feedback

  • Hello there,

    Adding to what Erick mentioned, do a GUI Packet Capture using the IP of the computer in question, and confirm which Firewall Rule is being used.

    Regards, 

  • Hello Erick Jan & Emmanuel

    yes the main authentication is on AD

    so, I will do a packet capture to confirm which FW rule is being used

    I will be back!

  • okay

    when I check the log viewer and filter by src IP,

    I found that this IP is related to a domain user (x)!
    normally no, there should be a conflict
    and on this PC that I am testing on, I use user01, and it is a local Windows account which opens a local session on the PC
    the PC took an IP address, but my problem is that in the log viewer, I found a domain user (x) with this IP address logged in!!?
    what happens?

  • Hello Fotit,

    This is because the XG/STAS associates an IP with a User when the user first logs in.

    This should be able to be avoided by using STAC, or by logging in to the computer with the local user first.

    Regards,

  • Hello,

    but that doesn't solve my original problem

    it is abnormal that you can take any PC, joined to the domain or not, create a local user (an ordinary user) on this PC, connect it to the network, and the user is authorized to go on the internet!!.
    ok, I know that when a domain user connects, STAS associates an IP with this user, but it is not an association for life..
    so this PC that took an IP by DHCP, where the user that opened a session does not exist on the domain, is connected to the internet through an existing association; there is a serious lack of reliability
    And I don't know how to approach this problem

    did you manage to understand my context?

    Thank you
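To make the mechanism in the staff reply and the problem Fotit describes concrete, here is a small added model of an IP-to-user association table. It is hypothetical example code written for this thread, not Sophos' STAS implementation, and it makes no claim about STAS's real timers, polling or configuration options. The IP 10.0.0.25, domain user `x` and local account `user01` are constructed sample values; the `inactivity_timeout` parameter is a modelling choice used to show why a binding that is only ever removed by an explicit logoff lets a later, unauthenticated host on the same address inherit the first user's access.

```python
"""Simplified model of a transparent-authentication IP-to-user table.

Added, hypothetical example for the thread above: an IP is bound to a user
at logon and the binding outlives the session.  It is NOT Sophos' STAS code
and makes no claim about its real timers or protocol.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Binding:
    user: str
    last_verified: int  # epoch seconds of the last time the identity was confirmed


class IdentityTable:
    """IP -> user associations, optionally expired after a period of silence."""

    def __init__(self, inactivity_timeout: Optional[int] = None) -> None:
        # None reproduces the "binding lives until an explicit logoff" behaviour.
        self.inactivity_timeout = inactivity_timeout
        self.bindings: Dict[str, Binding] = {}

    def logon(self, ip: str, user: str, now: int) -> None:
        """A logon event arrived from the collector: bind the IP to the user."""
        self.bindings[ip] = Binding(user, now)

    def logoff(self, ip: str) -> None:
        """A logoff event arrived: drop the binding immediately."""
        self.bindings.pop(ip, None)

    def verify(self, ip: str, now: int) -> None:
        """The workstation was re-checked and the same user is still logged on."""
        if ip in self.bindings:
            self.bindings[ip].last_verified = now

    def lookup(self, ip: str, now: int) -> Optional[str]:
        """Return the user bound to ip, expiring stale bindings if a timeout is set."""
        binding = self.bindings.get(ip)
        if binding is None:
            return None
        if (self.inactivity_timeout is not None
                and now - binding.last_verified > self.inactivity_timeout):
            del self.bindings[ip]  # stale: the host behind this IP may have changed
            return None
        return binding.user


def decide(table: IdentityTable, ip: str, now: int) -> str:
    """Apply a 'match known users' rule: identified traffic is allowed as that
    user, unidentified traffic goes to the captive portal (or is dropped)."""
    user = table.lookup(ip, now)
    return f"ALLOW as {user}" if user else "REDIRECT_TO_PORTAL"


def scenario(inactivity_timeout: Optional[int]) -> List[str]:
    """Replay the thread's situation with constructed sample events.

    Constructed values: IP 10.0.0.25, domain user 'x', local account 'user01'.
    """
    table = IdentityTable(inactivity_timeout)
    ip = "10.0.0.25"
    decisions = []

    # t=0: domain user x logs on to a domain-joined PC; the collector reports it.
    table.logon(ip, "x", now=0)
    table.verify(ip, now=600)  # still logged on ten minutes later
    decisions.append(decide(table, ip, now=900))

    # The PC is shut down without the firewall ever seeing a logoff event.
    # Two hours later DHCP hands the same address to a different PC where only
    # the local account user01 is logged on, so no logon event is generated.
    decisions.append(decide(table, ip, now=7200))
    return decisions


if __name__ == "__main__":
    print("no timeout     :", scenario(None))  # stale binding still grants access
    print("30 min timeout :", scenario(1800))  # stale binding expires -> portal
```

Run as-is, the first scenario reproduces what the log viewer showed: the second PC is allowed as user `x` purely because the old association is still in the table. The second scenario shows the two controls a defender wants in place: a logoff event (`logoff`) removes the binding at once, and an expiry on bindings that have not been re-verified closes the window for hosts that disappear silently, so the unauthenticated host is sent to the portal instead.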
