Same issue here. Nothing but headaches since we started using these firewalls. Really sad. I used Sophos UTM's at a previous job and they were solid. Seems like they've just gotten careless and sloppy over the last few years. XG is riddled with bugs.
And as far as i can tell, STAS works fine in most of my setups for now. And - if you do not want to go with STAS, you could try out the SSO client. https://community.sophos.com/kb/en-us/123159
And as far as i can tell, STAS works fine in most of my setups for now. And - if you do not want to go with STAS, you could try out the SSO client. https://community.sophos.com/kb/en-us/123159
1.The VPN between the two XGs drops out randomly, perhaps once a fortnight, and it never comes back up after a reboot. I have to go in to VPN (both icons are green but no VPN exists) and click 'Disconnect' then 'Connect' in the VPN window.
Any advice on the IPSEC settings which should be most stable would be greatly appriecated?
Last time I spoke to Sophos Support they said the Captive Portal would only display an IP address and therefore a CA signed certificate would always give a security error. I shall the set the value of the proxy_url_use_hostname to on and purchase a new certificate.
3. STAS users keep disconnecting and have done since I purchased the XGs. I've had a support ticket open since Feb 2018.
All tests in STAS (WMI, Reg, Agent, Collector) show as successful. Live users appear in STAS and then randomly drop off, anywhere between 4min-4hrs. Recently I added another domain controller running the Sophos agent. Any clients authenticated against that DC, in 'Show Live Users' display the XG's ip address?! Then, suddenly appear again with the correct ip address and then drop off.
