Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 26 subscribers
  • Views 7787 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

STAS - Users can not authenticate after disable primary DC

Toan Cao

There are 2 DC (1 primary DC and 1 additional DC) synchonizing with Sophos firewall using STAS in my system, and we are using web proxy feature on Sophos. I had installed STAS suite packet to primary DC first, then I installed to Addition DC, each DC was configured the collector and agent by itself and not related each other.

After that, I had tested the authentication between users and Sophos, it worked well.

Problem: After I had disabled primary DC and I had restarted Sophos firewall, additional DC and some user's PCs, users could not authenticate with Sophos.

My solution: I had Uninstalled STAS on Additional DC and had reinstalled all STAS's configuration on Sophos XG, then everything worked well

It will too inconvenient for me if I have any trouble with Primary DC in the future.

Do you have any experiences like my problem?

 

Thanks



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to lferrara

    I have read that guide, but in event of hardware or power failure of primary DC, if I followed that guide, the additional DC would not be synchronized with Sophos. So I designed follow my model: each DC will install STAS with distinct configuration, if users authenticate with primary DC, the collector from primary DC will send that information to Sophos and it is similar in addition DC.

    That is my idea. 

    Thanks in advanced !

  • 0 in reply to Toan Cao

    Toan,

    make sure you use Collector Group. For each group, up to 5 Collectors can be added but only the "fastest one" will be act as primary collector. if the primary collector fails, XG will elect a new primary collector and XG redirects live users to the new primary connector and no disconnection will occur. This is the design used by XG-STAS components.