Thread Info
  • State Suggested Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 48 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 93783 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFOS 16.05.6 MR-6 Broken STAS?

M8ey

Hi All,

 

We have an XG 230 that I upgraded the firmware on. Since then users are getting the authentication pop up from the XG where others are fine.

Rebooting their PC fixes some so it might lead to a fresh login event fixing it. The Firewall shows them logging in but then logging out and then I get a Authentication fail.

Seems STAS is working for many but randomly fails others since the Firmware update.

I run two DCs with STAS enabled (Latest version of STAS) and I can see live users active yet others not. The inactivity time outs are set high so they would need to walk away for a few hours to be timed out.

EDIT: I disabled the Inactivity time out but still have the issue.

  

The logs just show NTML Client failed to Authenticate

Anyone else having this issue?

 

 

Edit: I can see a few others having the same since the update so I will roll back my Firmware for now until a fix is released.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Ian,

    Please update us if the rollback to the previous firmware fixes the issue.

    Thanks

  • 0 in reply to sachingurung

    on MR-6 release notes other people are reporting that STAS is broken.

    Can you investigate on that and let us know?

    Thanks

  • 0 in reply to lferrara

    Hi Luk,

    There is no case reported yet, I would request all to report this to the support team and provide me the case#.

    Thanks

  • 0 in reply to sachingurung

    , , , can you report the STAS here and even the ticket open with Sophos Support?

    Thanks

  • 0 in reply to lferrara

    I reverted to previous firmware; opened a ticket (#7438609) but I don't' intend to apply the firmware just to debug.

    In my case users showed in STAS agents but no on UTM and also login from authentication page failed in some cases.

  • 0 in reply to lferrara

    Case # 7440971

    I put this in the support ticket:

     

    XG230 running 16.05.5 MR-5 working fine. I have STAS set up and and on two collectors - one server 2008 R2 DC and another on Server 2016 DC. I have around 160 users a day logging in and using the XG230 Proxy without problem.

    Two nights ago i loaded the new MR-6 Firmware - right from the morning users were complaining about no internet access and being shown the captive portal. Reboot PC didnt fix it in many cases so not an event issue. Some did get the internet back after a reboot but lost it again within an hour.

    STAS showed Live users however in the Authentication logs I could see User Authenticated and right after Denied.

    It was so bad I had to roll back to MR-5 and working as normal again.

     

    Not a problem since - so STAS with Proxy / XG230 / Authentication or instant time out was causing the captive portal to open and SSO was not working.

  • 0 in reply to lferrara

    lferrara said:

    , , , can you report the STAS here and even the ticket open with Sophos Support?

    Thanks

     

     

    Sure can. Case number is "[#7428479] Initiating STAS for Authentication method fails"

    I have managed to get it working and so far it seems to be sturdy but, and a huge but, I have had to alter security to allow the account to perform WMI probes. Not sure I like that.

  • 0 in reply to M8ey

    Unknown said:

    Case # 7440971

    I put this in the support ticket:

     

    XG230 running 16.05.5 MR-5 working fine. I have STAS set up and and on two collectors - one server 2008 R2 DC and another on Server 2016 DC. I have around 160 users a day logging in and using the XG230 Proxy without problem.

    Two nights ago i loaded the new MR-6 Firmware - notre web right from the morning users were complaining about no internet access and being shown the captive portal. Reboot PC didnt fix it in many cases so not an event issue. Some did get the internet back after a reboot but lost it again within an hour.

    STAS showed Live users however in the Authentication logs I could see User Authenticated and right after Denied.

    It was so bad I had to roll back to MR-5 and working as normal again.

     

    Not a problem since - so STAS with Proxy / XG230 / Authentication or instant time out was causing the captive portal to open and SSO was not working.

     

     

    Thanks for your help :)

Reply
  • 0 in reply to M8ey

    Unknown said:

    Case # 7440971

    I put this in the support ticket:

     

    XG230 running 16.05.5 MR-5 working fine. I have STAS set up and and on two collectors - one server 2008 R2 DC and another on Server 2016 DC. I have around 160 users a day logging in and using the XG230 Proxy without problem.

    Two nights ago i loaded the new MR-6 Firmware - notre web right from the morning users were complaining about no internet access and being shown the captive portal. Reboot PC didnt fix it in many cases so not an event issue. Some did get the internet back after a reboot but lost it again within an hour.

    STAS showed Live users however in the Authentication logs I could see User Authenticated and right after Denied.

    It was so bad I had to roll back to MR-5 and working as normal again.

     

    Not a problem since - so STAS with Proxy / XG230 / Authentication or instant time out was causing the captive portal to open and SSO was not working.

     

     

    Thanks for your help :)

Children
No Data