Thread Info
  • State Suggested Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 48 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 93807 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFOS 16.05.6 MR-6 Broken STAS?

M8ey

Hi All,

 

We have an XG 230 that I upgraded the firmware on. Since then users are getting the authentication pop up from the XG where others are fine.

Rebooting their PC fixes some so it might lead to a fresh login event fixing it. The Firewall shows them logging in but then logging out and then I get a Authentication fail.

Seems STAS is working for many but randomly fails others since the Firmware update.

I run two DCs with STAS enabled (Latest version of STAS) and I can see live users active yet others not. The inactivity time outs are set high so they would need to walk away for a few hours to be timed out.

EDIT: I disabled the Inactivity time out but still have the issue.

  

The logs just show NTML Client failed to Authenticate

Anyone else having this issue?

 

 

Edit: I can see a few others having the same since the update so I will roll back my Firmware for now until a fix is released.



This thread was automatically locked due to age.
  • 0 in reply to dna

    any news about the release date of MR8?

     

    Regards,

  • 0 in reply to M8ey

    Unknown said:

    Case # 7440971

    I put this in the support ticket:

     

    XG230 running 16.05.5 MR-5 working fine. I have STAS set up and and on two collectors - one server 2008 R2 DC and another on Server 2016 DC. I have around 160 users a day logging in and using the XG230 Proxy without problem.

    Two nights ago i loaded the new MR-6 Firmware - notre web right from the morning users were complaining about no internet access and being shown the captive portal. Reboot PC didnt fix it in many cases so not an event issue. Some did get the internet back after a reboot but lost it again within an hour.

    STAS showed Live users however in the Authentication logs I could see User Authenticated and right after Denied.

    It was so bad I had to roll back to MR-5 and working as normal again.

     

    Not a problem since - so STAS with Proxy / XG230 / Authentication or instant time out was causing the captive portal to open and SSO was not working.

     

     

    Thanks for your help :)

  • 0 in reply to dna

    Bump for an update.

    Can we expect a release today?

  • 0 in reply to DrewHammond

    Hi all,

    MR8 has been released today. Can someone update to latest release and reply here with a feedback?

    Thanks

  • 0 in reply to lferrara

    Hi,

    i can confirm that the fix (NC-21538) went into the MR8 release as well as into v17Beta.

    Hth

  • 0 in reply to dna

    Did anyone load it that was having STAS issues to ensure the fix did indeed fix it?

    As I only have one live production system I hate to "try" stuff.

  • 0

    Hello,

     

    MR8 is here and is working for us the authentication bug is fixed !!! 

    It important that Sophos understand that we find pity the lack of reactivity for fixing this bug.

    We had to wait 3 updates and long weeks.

    We had to explain to our final customers who did not understand Sophos' slow response to such a major problem, we lost a lot of time and money trying to find intermediate solutions (sometimes by removing the security of authentication at the client) ...

    Please for the future, take more importance for that kind of problem, it should be a priority.

    Thanks in advance. Regards.

     

  • 0 in reply to Christophe CHESNEAU

    you should take note of the amount of time you spent to fix this bug and the "pain" the Partner has paid.

    Thanks FrançoisMORANO for reporting back.