SSO AD User logout continuously

Hi,

I have an XG firewall with AD SSO.

The users logged into the firewall are continuously logged out after 20 minutes.

2016-04-11 08:44:32 | Firewall Authentication | SUCCESSFUL | dario.zzzz@xxxx.local | 172.16.29.115 | CTA | N/A | User dario.zzzz@xxxx.local was logged out of firewall | 17703
2016-04-11 08:28:48 | Firewall Authentication | SUCCESSFUL | dario.zzzz@xxxx.local | 172.16.29.115 | CTA | AD | User dario.zzzz@xxxx.local of group Proxy_All logged in successfully to Firewall through AD authentication mechanism from 172.16.29.115 | 17701


I have followed all the guides but I cannot fix it.

Thanks,

Emil



  • Hi,  

    I have the STAS Inactivity Off.

     

    See this example, where the user nguerrero is getting logged out from the firewall. I installed an application to monitor the AD event logs, "ADAudit Plus" from ManageEngine, to see in real time when, where, how and from where the user connects. I see the user connect and do not see any logout from the session on the computer, but I see this disconnection a lot. I understand it is because of the NTLM inactivity time that the user is getting this; I set the time to 480 mins and it keeps doing it.

    Not only that, I see the computer name in live users and users in my UTM. How this happens I don't know. If I go to the STAS Live Users I don't see the computer XXXX@XXXX.local authenticated; what I see is the user name logged in, and the firewall is where I see the computer name logged in.

    brot!

    In the forum, KB or with your knowledge, do you know how to make this work fine? I followed all the KB information about how to get this done and I still get the issue.

    If any one ont have the issue can write me or post in here a solution.

    Best regards.

     

     

  • Try adding your servers (including AD servers, Exchange servers if you have them) to the IP login and logoff exclusion list in the STAS client and see if that changes anything. 

  • Hi,  

    I will give it a try, but I don't see how this is going to work, because on the STAS client I don't see the computer information in the logs.

    I only see this information in the firewall. That is where I see the computer name authenticate, but I don't know from where.

    Thanks.

    I will give you feedback in 1-2 days.

  • Christopher,

    I have this exact same issue, did you get anywhere with it?

    If I remote desktop anywhere as my Admin account, it takes that as a local logon event on my PC and logs my standard user account off the firewall. (Making the internet stop working)

     

    I have put an exclusion in for my admin account on the STAS collector and that has done the trick. However, sometimes we log into the RDS servers as other users (to set up profiles or troubleshoot)... this will also log our standard user off the firewall.

     

    Thanks,

    Matt

  • In addition to adding my administrator username to the Login User Exclusion List, I also added the IP Address of our servers so that when logging in/out of these servers it would be excluded. 

  • Now I have a suggestion from Sophos Support to switch off "inactivity detection" in STAS completely AND switch it on in Sophos XG. I'll post results - if any.

  • Hi All, 

    Could you change the settings as per the snapshot below and check if this would resolve your issue?

  • Tomorrow I will check this (I have the same problem - logoff) and I will report the results.

     

    I want to report that in "Current Activities/Live Users", if I filter by "Client Type" SSO, that filter does not show me anything (SFOS 16.05.4 MR-4).

  • I simply ended up with the following:

     

    STAS logoff detection simply doesn't work - sorry for this solution, but we decided not to cope with this problem anymore.

    We tried tens of possible configurations - without success. I appreciate the work of the Sophos engineers, but, unfortunately, this part of STAS simply DOESN'T WORK.

     

    We decided to switch on "Inactivity timeout" on the Sophos XG firewall. It is a suboptimal solution, but (in some way) it works.

  • Hi,

    After hours of testing I see the users have been logged out because of NTLM.

    After the users do the SSO with STAS they work fine, and after some time they get logged off the session. Try turning NTLM off from Administration > Device Access > NTLM (LAN ZONE).

    Let me know.

    Thanks.

     
