Hi all,
I did configure STAS on a single DC.
Communication between XG and DC it's working but some users didn't show up in the firewall. This means the firewall rules don't apply to him.
AD Server: 128.128.128.28
XG appliance: 192.168.50.1
I did check the tcpdump with ports UDP 6060, UDP 6677 and TCP 5566.
console> tcpdump 'port 6677'
tcpdump: Starting Packet Dump
11:44:43.799304 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 21
11:44:51.991303 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 21
11:45:00.183306 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 21
11:45:16.567315 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 20
11:45:32.951299 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 21
11:45:57.527343 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 20
11:46:30.295341 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 22
11:46:38.487305 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 21
11:46:46.679310 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 21
11:46:54.871305 PortE4, OUT: IP 192.168.50.1.57793 > 128.128.128.28.6677: UDP, length 21
The logs on the firewall shows that the client don't use any "Auth Client" (everyone else is using CTA).
The user exists in the AD, it exists in the firewall.
I did check the Captive Portal in the firewall rule I want to apply to him and that's the only way I can see him as a live user in the firewall.
Sadly, the Captive Portal isn't an option for our users so I'm trying to understand what is happening.
This thread was automatically locked due to age.
.gif&imgrefurl=https://technet.microsoft.com/en-us/library/dd277396.aspx&h=390&w=595&tbnid=nwuAE1Fta1gkLM:&tbnh=138&tbnw=210&usg=__S1eG62GKQE5pQTrz7pGmCYPnQzk=&vet=10ahUKEwiKg-Crou_VAhWCDxoKHWC4BkYQ9QEILDAA..i&docid=ukjpH27YNy8LoM&sa=X&ved=0ahUKEwiKg-Crou_VAhWCDxoKHWC4BkYQ9QEILDAA){kind=link}