Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 9182 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Setup STAS create a collector

Nino Padrutt

Hi

 

I setup a new XG115 and tried to setup the STAS. For that I tried to follow this guide: https://community.sophos.com/kb/en-us/123156

Unfortunately, in the part for the firewall configuration it seems there are some commands missing:

 

Step 2: Configure a Collector Port and Group in SFOS

  1. Log in to the SFOS CLI using an Administrator profile.

  2. Go to Option 4. Device Console.

  3. Execute the following command to enable Sophos Transparent Authentication.

  4. Execute the following commands to add a collector IP and a collector port, as well as create a collector group.

 

 

I activated the Sophos Transperant Authentication Suite on the GUI under Authentication - STAS. Now is the collector left. Can anyone guide me to a guide where it states how to configure it or tell me how the command for that part is ? 

 

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hi Nino,

    one hint little hint.

    when you have enabled stas, all traffic except traffic from the wan zone must be authenticated! this means, when you have linux servers or machines, which are not an member of the ad and do not generate logon/logoff events on your dc, you must create an clientless user for this machine under authentication-->clientless users.

    you can add here single machines, or ip ranges. if you create clientless users over ip range, be sure, that this clientless users are enabled.

    the xg with enabled stas will drop by default non authenticated traffic of all zones except the wan zone every full hour for 120 seconds!

     

    cheers andy

Reply
  • 0

    Hi Nino,

    one hint little hint.

    when you have enabled stas, all traffic except traffic from the wan zone must be authenticated! this means, when you have linux servers or machines, which are not an member of the ad and do not generate logon/logoff events on your dc, you must create an clientless user for this machine under authentication-->clientless users.

    you can add here single machines, or ip ranges. if you create clientless users over ip range, be sure, that this clientless users are enabled.

    the xg with enabled stas will drop by default non authenticated traffic of all zones except the wan zone every full hour for 120 seconds!

     

    cheers andy

Children