Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 33 subscribers
  • Views 28857 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Authentication Agent not re-connecting once offline

PrafullaParaskar

Hardware: Sophos XG 125

Firmware: XG125 (SFOS 15.01.0 MR-2)

SAA version: 1.2

I am already in contact with support for this one, but reposting here in case some from user community may have solved it already. Thanks in advance :) 

The problem:

SAA disconnects every 8-10 minutes requiring user to reconnect manually.

Background: 

  1. We use Azure Active Directory (Office 365). As we don’t have an in-house Active Directory, SSO with AD cannot be used.
  2. We don’t want the end user to login frequently to just access internet, so Captive Portal Authentication cannot be used.
  3. As a result, only Sophos Authentication Agent (SAA) is the ONLY way identity can be implemented here.

 On to SAA now: 

  1. It is perfectly fine if SAA goes offline if the user is inactive (icon turning gray) for simple efficiency reasons.
  2. But, SAA NEEDs to come back online AUTOMATICALLY with the saved password whenever the internet connection is required. THIS IS NOT HAPPENING. The user have to find the system tray icon (often Windows hides it). Then right click on “Set Credentials” to see the SAA user interface and click OK to come back online. This Leads to a lot loss of productivity and heartburn for end users.

 On to the last debugging session with support team: 

  1. We have monitored the SAA on a few machines and it is continues to disconnect. At this point of time, the ICMP ping to Sophos Gateway works normally on the end machine.
  2. The client machine does not have any local firewall (expect Windows default) or any specific antivirus (except Windows Defender). Both these products DO NOT obstruct the traffic between Sophos Gateway and local machine or SAA. If it would have, how does SAA work for first 8 to 10 minutes?
  3. We have checked any additional hardware in between. There is only one switch (Netgear GS724Tv4). It is not configured to inspect any traffic or for any other traffic shaping. Also, if this switch would have been a problem for breaking the PING/PONG of SAA with Sophos Gateway, there is no reason why it won’t do so in the first few minutes? Why there is even connectivity if this switch is dropping this basic PING/PONG?

Conclusion:

The simple questions that need to be answered on this issue are 

  1. Why SAA does not reconnect automatically?
  2. Why SAA goes offline every 8-10 minutes even after the Global Time-out settings suggest different behaviour?
  3. Why SAA works for first 8-10 minutes?
  4. Why no one including, in-between switches, local firewall or local anti-virus do not intervene for first 8-10 minutes when SAA works as expected?
  5. Why SAA works after manual re-connect?

Apologies for any agitated tone in the post, it is not directed towards community :)



This thread was automatically locked due to age.
Parents Reply Children
No Data