
STAS & XG

Hello,

I have an issue with the authentication.
On my STAS I get my live users, cf. screen1.

On the UTM I don't see any users, cf. screen2.

On the XG console I typed the following commands:
#system auth cta enable
#system auth cta collector add collector-ip 172.16.17.20 collector-port 6677 create-new-collector-group

(172.16.17.20 is the IP of my AD.)

The firewall rules are any/any/any.

I don't know how to troubleshoot further, except the connection test, cf. screen3.

Any ideas?
  • Scale,

    Did you create the authentication server under System > Authentication > Authentication Server?

    Follow this guide:

  • Hum, I changed the interface IP for the collector and it works now.

    Thanks for your help.

  • Hi,

    Furthermore, you may bypass UDP ports 6677, 5566 and 6060 from the Advance Firewall options within the AD server to allow communication between the STAS controller and Sophos XG.

  • Hi scale,

    I'm in the same situation, but can't figure out how to solve it. What do you mean that you have changed the interface IP? Changed the collector/server IP?

    Many thanks

  • Sic,

    Follow the guide and all other links inside. I have configured several STAS and SATC without issue.

  • Hey, I had two networks; I changed the IP from 172.16.16.16 to another interface: 172.16.17.16, but it doesn't make sense. I would not be surprised if my virtual switch bugged me on this one. Good luck!

  • Hi,

    Here is why you need to change the interface IP in the controller, let me explain!

    Let's say you have two interfaces on XG: PortA (LAN zone) with IP address 172.16.16.16/24 and PortC (DMZ zone) with IP address 192.168.1.1/24.

    Let's assume your AD server is in the DMZ zone and that you have installed STAS on it.

    Now, ideally, administrators configure the LAN zone IP as the Cyberoam IP in the STAS controller, which is 172.16.16.16 in this example.

    In XG, you may have added controller IP 192.168.1.2 (for example).

    Now, the request from XG to the controller has source IP 192.168.1.1 and destination 192.168.1.2 on port 6677.

    So, in such a case, your STAS would fail to authenticate users, as in the controller the XG IP is 172.16.16.16, not 192.168.1.1.

    So, finally, you need to change the XG IP to 192.168.1.1 in the controller, as the request arriving at the AD server is coming from that IP address. This is the reason why you may need to change the IP in the controller.

    Best of Luck!!!!!
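Avinash's explanation above, modelled as an added Python example that is not part of the thread: it assumes XG sources the request from the interface whose network contains the collector address (the interface table is constructed from his example, with /24 prefixes) and that the controller accepts a request only when that source IP equals the XG IP configured in STAS.

```python
import ipaddress

# Constructed from Avinash's example: XG interface table (name -> address/prefix).
XG_IFACES = {
    "PortA (LAN)": "172.16.16.16/24",
    "PortC (DMZ)": "192.168.1.1/24",
}

def source_ip_for(collector_ip, interfaces):
    """Return (interface name, address) XG would use to source a packet to
    collector_ip: the directly connected interface with the longest prefix
    match (assumed model). None if no interface network contains the target."""
    dst = ipaddress.ip_address(collector_ip)
    best = None
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        if dst not in iface.network:
            continue
        if best is None or iface.network.prefixlen > best[1].network.prefixlen:
            best = (name, iface)
    return (best[0], str(best[1].ip)) if best else None

def stas_check(collector_ip, interfaces, configured_xg_ip):
    """Emulate the controller-side check described in the thread: the request
    is accepted only if its source IP equals the XG IP configured in STAS."""
    src = source_ip_for(collector_ip, interfaces)
    if src is None:
        return {"ok": False, "source": None,
                "reason": "collector is not on a directly connected XG network"}
    name, ip = src
    if ip == configured_xg_ip:
        return {"ok": True, "source": ip,
                "reason": f"request from {ip} ({name}) matches configured XG IP"}
    return {"ok": False, "source": ip,
            "reason": f"request from {ip} ({name}) but controller expects {configured_xg_ip}"}

if __name__ == "__main__":
    # LAN IP configured in the controller while the collector sits in the DMZ: rejected.
    print(stas_check("192.168.1.2", XG_IFACES, "172.16.16.16"))
    # Controller updated to the DMZ-facing XG IP: accepted.
    print(stas_check("192.168.1.2", XG_IFACES, "192.168.1.1"))
```

The same model also reproduces the original poster's fix: once the collector at 172.16.17.20 is reached through an interface addressed 172.16.17.16, that address is the one the controller sees.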

  • Dear Avinash,

    I have configured the same, but my AD server is already in the LAN and the other port is DMZ.

    Port A is LAN, 172.16.33.1, and the AD server IP is 172.16.33.121. I have configured STAS on the AD (agent and controller), testing is done and firewall testing is done, but the issue we are facing is that my AD user is not able to access the internet. I'm not even able to see any logs in my firewall, so please suggest what action I should take.

    Deepak Kumar Patidar

  • My AD authentication is working, but I always have about 50% of firewall traffic by user N/A... so this is like having it not working, unfortunately...

    Anyway, in your KB you haven't written the user exclusion method (black list), which in my case is necessary due to Arcserve Backup software. In the Cyberoam KB you could find it in the CTAS troubleshooting, and I think it is necessary to add it also to the Sophos STAS KB. Just my 2 cents.

  • Hi Deepak,

    Please follow the steps below for further troubleshooting:

    1. Verify that the AD server IP is correct in the XG telnet console. Also cross-verify the XG IP address in the AD server.

    2. Verify whether the DN name in the AD integration is correct. Also verify the same in the STAS configuration.

    3. Verify the AD server's local firewall and whether it is enabled or disabled; please bypass UDP ports 6060, 6677, 5566 in the advance firewall on the AD server.

    4. Run tcpdump on the XG telnet console with port 6060 or port 6677 and see whether there are any incoming/outgoing packets.

    5. Check Log Viewer -> Authentication logs for the users, to see if authentication is failing for any reason or if the log itself is not generated.

    Please send screenshots for further verification.
