Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Answers 4 answers
  • Subscribers 29 subscribers
  • Views 14164 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Radius SSO Timeout

subahar ramasamy

We have XG330 with STAS and Radius SSO. When users connect the wireless with Radius sso through their mobile phones it gets authenticate and we are able to see users in live users list. But after few minutes their name will disappear from the list but still their mobile is connected to the wireless network. But they dont have internet because sophos not seen their login name and it drops the connection. how can we solve this issue, we are in the process of implementing BOYD so we need to found solution for this issue.thanks.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Subahar,

    Take SSH to XG and goto option 5. > 3. Advance Shell then execute,

    cd /log

    tail -f access_server.log  | grep username

    Now, authenticate the user and monitor the logs until the user is logged off.

    Does the users get a captive portal page when they are disconnected? 

    In case, the user is disconnected from live user page or gets captive portal authentication page after some time it means STAS is unable to check user status by workstation polling method. STAS uses two methods for workstation polling, WMI and Registry Read Access. Both methods are for getting user status from individual machine. An administrator can choose any one of these two methods for workstation polling.

    Perform WMI\Registry read access verification to user’s IP address. If query is failed then the Windows Firewall or Antivirus could block the WMI\Registry read access query. Add an exception for TCP port 445 and 135

    Thanks

  • 0 in reply to sachingurung

    Hi Sachin,

    Thanks for reply. 

    Here users are connected through Android and IOS devices not with windows laptop. They connect to wireless with Radius WPA2\enterprise with meru wireless controller. In that controller we added Sophos XG as accounting server through that users are getting authenticate to Sophos as Radius SSO users. I would like to know do we have any timeout setup for Radius users in XG firewall? If we get that setup for unlimited or say few hours our issue will get resolved.

    Let me know is there any setting i need to enable to achieve this function.

    Regadrs

  • 0 in reply to subahar ramasamy

    HI subahar, 

    While using Radius SSO , you set the Global Settings for the same as per the snapshot. 

    Any luck with that ?

  • 0 in reply to Aditya Patel

    Hi Aditya,

    It looks we do have similar setting on our box, see below snapshot of it. But still we see the error on Radius SSO user disappearing from live users.

     

  • 0 in reply to subahar ramasamy

    I have the same issue so RADIUS SSO users are de-authenticated from appliance. This seems to be an issue if a user is a member of VLAN and it is in a different network than LAN interface on XG. We have static routing on XG set to our VLANS.

Reply Children
No Data