This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

STAS Firewall with User on several machines(workstations)

Hey, I've setuped the STAS on my DCs. User are Reported... works fine.

I have a firewall rule to allow "ssh" and "ping" to one special host. (source is "USER A" and "TESTUSER B")

The first workstation wich comes online, after the UTM restarts, with logged in USER A works fine.
When i login USER A to a second workstation (same LAN) it wont work!?
Even when i login another User (TESTUSER B) on the second Workstation, the firewall rule wont work.

Do you have some ideas?

This thread was automatically locked due to age.

Parents

0 PatricBlass over 9 years ago

After some investigation...

now i am working on just one Workstation. When i login the first time (at the morning) the firewall rules seems to work. And later, when i come back and re-login to the workstation they doesnt (without login on another workstation).

The corresponding Log: "Child 31902 is running too long. Terminating child" What does this mean?

UTM is: 9.402-7

I have two Domaincontrollers (Win 2008/win2012),both have the STAS-agent installed, and one of them is STAS-collector

Some help? Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 PatricBlass over 9 years ago

After some investigation...

now i am working on just one Workstation. When i login the first time (at the morning) the firewall rules seems to work. And later, when i come back and re-login to the workstation they doesnt (without login on another workstation).

The corresponding Log: "Child 31902 is running too long. Terminating child" What does this mean?

UTM is: 9.402-7

I have two Domaincontrollers (Win 2008/win2012),both have the STAS-agent installed, and one of them is STAS-collector

Some help? Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 William Warren over 9 years ago in reply to PatricBlass

it means there's a bug..contact your support contact and let them know.
Cancel
Vote Up 0 Vote Down

Cancel
0 twister5800 over 9 years ago in reply to PatricBlass

Hi,

Do you have the GPO with audit: logon, logoff in place on both DC's?

Can you see the user login on both STA Agents (See the log in STAS configurator).
Cancel
Vote Up 0 Vote Down

Cancel
0 PatricBlass over 9 years ago in reply to twister5800

Hallo twister,

i've a group policy for my dc's to audit logon events like described in the pdf from sophos.

and yes it looks like, i can see user from both dc's. but it seems, that some (my own user) are deleted from the UTM to fast. So i'am still loged in, and my entry is missing. when i lock my win10 and relogin, it works again...
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago in reply to William Warren

I'm getting the feeling that STAS isn't soup yet...

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 twister5800 over 9 years ago in reply to BAlfson

I agree there are some issues between the STAS agent and UTM, with users not showing as online and sometimes it just works!

For now I have removed this checkmark in UTM:

So I just can monitor the usernames in the webprotection log.

I have setup simple in lab with just one DC and one UTM, still some users are shown as IP and some with AD name.

The logs on STAS and UTM shows no direct error.

I just think the product has to get the final layer of paint - It's still a great feature :-)
Cancel
Vote Up 0 Vote Down

Cancel
0 Louis-M over 8 years ago in reply to twister5800

I've had to do the same ie untick "block access"

I've got users showing on the UTM but when I look at the web filter logs, there's a lot of user="" even though I think there should be a name against it. I do get names in user="JoeBloggs" but there is far more user="" which makes me think that it's not logging what users are doing fully.
Cancel
Vote Up 0 Vote Down

Cancel