STAS Configuration

Question

Hi All, 
 I'm setting up my first Sophos XG and struggling a little with AD integration. I'm hitting a roadblock when it comes to testing connectivity. When I go to the Advanced Tab of the STAS and test Sophos, I get the message " Test Connection successful but Collector is not added / STAS is disabled in Sophos. I've tried to find the answer here but not having much luck. Could someone shed some light as to what this actually means and how I can correct it? 
 Thanks in advance.

sachingurung · Answer

Hi Paul,

After implementing STAS on the AD Server, you can integrate it with SF by following the steps below.

Step 1: Configure SF to use Active Directory as Authentication Server.

Refer to the article How to Integrate Sophos Firewall with Active Directory for detailed instructions.

Step 2: Configure a Collector Port and Group in SF

Log in to the SF CLI using an Administrator profile.

Go to Option 4. Device Console.

Execute the following command to enable Sophos Transparent Authentication.

console> system auth cta enable

Execute the following commands to add a collector IP and a collector port, as well as create a collector group.

console> system auth cta collector add collector-ip <ip-address> collector-port <port> create-new-collector-group

Hope that helps :)

sachingurung · Answer

Hi, 
 Did you install STAS with super admin privilages? Is STAS enable on Sophos UTM? To use STAS, it first must be enabled and a collector machine has to defined. To enable STAS, proceed as follows: 
 1. Navigate to Definition & Users > Client Authentication. 
 2. Switch to the Sophos Transparent Authentication Suite tab. 
 3. Under "STAS Status", activate the toggle switch. 
 4. Click New STAS Collector. 
 5. As port, select STAS Collector. 
 6. Fill in the remaining fields as described in the online help of the WebAdmin console. 
 Hope that helps:)