
USER_IDENTITY violations in Packet Capture

Hi Team,

I am seeing some odd behaviour in the XG Packet Captures which is affecting users' internet access when going between Wireless and Wired LAN.

When the users move from Wireless to Wired LAN the internet fails to work, as in they cannot browse any external websites (Google, BBC etc). Local Intranet sites are fine, as is the EU's company website as it is accessed internally when on their LAN. Going back to wireless, the internet access is restored. The EU uses Sophos Central to disable the ability to bridge interfaces.

The Packet Capture on the XG GUI displays USER_IDENTITY violations when the user is trying to browse from the wired LAN after changing from wireless. We are not using the 'match identity' feature on the specific rule (LAN --> WAN Explicit Allow). The wired LAN IP appears to be 'blacklisted' for a few days before it can be used again; however, reconnecting the wireless can get around this (as can assigning another available address statically to the wired LAN interface). The IP received from the wireless is from a completely different scope outside of the wired LAN range. The wireless is served by Cloud Trax, not Sophos. Users authenticate via RADIUS for wireless and Active Directory for the wired LAN. AD integration is not currently supported by Cloud Trax, hence the use of RADIUS for authentication.

STAS v2.2.0 is installed on 2 DCs (Win 2008 and Win 2012). NTLM is not being used as SMBv1 has been disabled in the wake of the recent WannaCry outbreak.

Is there anything that I should be looking at (log files in cd /log specifically) or is there any reason why the XG would block this?

As always, your thoughts are appreciated. We have a ticket open with Sophos but I thought I would post here just in case someone has seen this before. SFOS version is 16.05 GA.

Many thanks,

Matt
