STAS started, and connection test success, but no user showing in live users/advance

stas start = ok

connection test to utm, and between agent and collector = ok

VMI test = ok

but when I go to advance/view live users, it shows blank

My server is a Windows 2003 domain.

Please help. thanks in advance.



  • Hi Ting,

    Are the users getting authenticated? Take SSH to UTM and capture tcpdump on port 6677 or 6060. Check if there is any packet communication on these ports.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi, thanks for reply.

    I tried to logoff and logon on stations, there is nothing on port 6677, but there is something on port 6060 instead, here is captured data.

    I did change stas collector setting to port 6060 in UTM, and in collector stas program on server, still does not have anything shown in live user/advance, nothing at global/client authentication/utm. Please advise. thanks.

    utm:/home/login # tcpdump -veni eth0 port 6060
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    07:57:47.187326 00:09:6b:09:95:d8 > 00:e0:4c:77:14:39, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 10740, offset 0, flags [none], proto UDP (17), length 39)
    192.168.0.13.4740 > 192.168.0.5.6060: UDP, length 11
    07:58:17.187257 00:09:6b:09:95:d8 > 00:e0:4c:77:14:39, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 28749, offset 0, flags [none], proto UDP (17), length 39)
    192.168.0.13.4740 > 192.168.0.5.6060: UDP, length 11
    07:58:47.187173 00:09:6b:09:95:d8 > 00:e0:4c:77:14:39, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 28815, offset 0, flags [none], proto UDP (17), length 39)
    192.168.0.13.4740 > 192.168.0.5.6060: UDP, length 11
    07:59:17.187073 00:09:6b:09:95:d8 > 00:e0:4c:77:14:39, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 28876, offset 0, flags [none], proto UDP (17), length 39)
    192.168.0.13.4740 > 192.168.0.5.6060: UDP, length 11
    07:59:47.186941 00:09:6b:09:95:d8 > 00:e0:4c:77:14:39, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 1459, offset 0, flags [none], proto UDP (17), length 39)
    192.168.0.13.4740 > 192.168.0.5.6060: UDP, length 11
    08:00:17.186956 00:09:6b:09:95:d8 > 00:e0:4c:77:14:39, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 2079, offset 0, flags [none], proto UDP (17), length 39)
    192.168.0.13.4740 > 192.168.0.5.6060: UDP, length 11

  • Hi, in my last reply I showed you that there is communication on port 6060 and showed you tcpdump data. I just went to the live log for "client authentication"/utm; here is the data. It seems it said "stas_check_collector_timeout".

    2016:06:24-13:23:17 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740

    2016:06:24-13:23:17 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2016:06:24-13:23:17 utm argos[15121]: [stas_check_collector_timeout]: Checking for collectors who have time-out
    2016:06:24-13:23:47 utm argos[15121]: [stas_event]: Received STAS package
    2016:06:24-13:23:47 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
    2016:06:24-13:23:47 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2016:06:24-13:24:17 utm argos[15121]: [stas_event]: Received STAS package
    2016:06:24-13:24:17 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
    2016:06:24-13:24:17 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2016:06:24-13:24:17 utm argos[15121]: [stas_check_collector_timeout]: Checking for collectors who have time-out
    2016:06:24-13:24:47 utm argos[15121]: [stas_event]: Received STAS package
    2016:06:24-13:24:47 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
    2016:06:24-13:24:47 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2016:06:24-13:25:17 utm argos[15121]: [stas_event]: Received STAS package
    2016:06:24-13:25:17 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
    2016:06:24-13:25:17 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2016:06:24-13:25:17 utm argos[15121]: [stas_check_collector_timeout]: Checking for collectors who have time-out
    2016:06:24-13:25:47 utm argos[15121]: [stas_event]: Received STAS package
    2016:06:24-13:25:47 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
    2016:06:24-13:25:47 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2016:06:24-13:26:17 utm argos[15121]: [stas_event]: Received STAS package
    2016:06:24-13:26:17 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
    2016:06:24-13:26:17 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2016:06:24-13:26:17 utm argos[15121]: [stas_check_collector_timeout]: Checking for collectors who have time-out
    2016:06:24-13:26:47 utm argos[15121]: [stas_event]: Received STAS package
    2016:06:24-13:26:47 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
    2016:06:24-13:26:47 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2016:06:24-13:27:17 utm argos[15121]: [stas_event]: Received STAS package
    2016:06:24-13:27:17 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
    2016:06:24-13:27:17 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2016:06:24-13:27:17 utm argos[15121]: [stas_check_collector_timeout]: Checking for collectors who have time-out
    2016:06:24-13:27:47 utm argos[15121]: [stas_event]: Received STAS package
    2016:06:24-13:27:47 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
    2016:06:24-13:27:47 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
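
A way to summarise an argos log like the one quoted above, per collector IP: which STAS request types were processed, the packet sizes read, and the gaps between reads. This is an added example, not code from the posters or from Sophos; the sample is an excerpt of the lines in the thread, and pairing each "Processing" line with the most recent "Read ... from IP" line is an assumption.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Excerpt of the argos lines quoted in the thread, embedded so this runs offline.
SAMPLE_LOG = """\
2016:06:24-13:23:17 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
2016:06:24-13:23:17 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
2016:06:24-13:23:17 utm argos[15121]: [stas_check_collector_timeout]: Checking for collectors who have time-out
2016:06:24-13:23:47 utm argos[15121]: [stas_event]: Received STAS package
2016:06:24-13:23:47 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
2016:06:24-13:23:47 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
2016:06:24-13:24:17 utm argos[15121]: [stas_event]: Received STAS package
2016:06:24-13:24:17 utm argos[15121]: [stas_event]: Read 11 bytes from IP 192.168.0.13:4740
2016:06:24-13:24:17 utm argos[15121]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
"""

LINE = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ argos\[\d+\]: \[(\w+)\]: (.*)$")
READ = re.compile(r"Read (\d+) bytes from IP ([\d.]+):(\d+)")
REQ = re.compile(r"Processing STAS request (\w+)")

def summarize(log_text):
    """Per collector IP: request types processed, packet sizes, read intervals."""
    stats = defaultdict(lambda: {"requests": Counter(), "sizes": Counter(), "times": []})
    current_ip = None  # assumption: a request line belongs to the latest read line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, func, msg = m.groups()
        if func == "stas_event" and (r := READ.search(msg)):
            current_ip = r.group(2)
            stats[current_ip]["sizes"][int(r.group(1))] += 1
            stats[current_ip]["times"].append(datetime.strptime(ts, "%Y:%m:%d-%H:%M:%S"))
        elif func == "process_stas_request" and current_ip and (q := REQ.search(msg)):
            stats[current_ip]["requests"][q.group(1)] += 1
    report = {}
    for ip, s in stats.items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(s["times"], s["times"][1:])]
        report[ip] = {
            "requests": dict(s["requests"]),
            "packet_sizes": dict(s["sizes"]),
            "intervals_s": sorted(set(gaps)),
            "only_live_req": set(s["requests"]) == {"STA_LIVE_REQ"},
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

For the excerpt, the only request type seen from 192.168.0.13 is STA_LIVE_REQ, in 11-byte packets 30 seconds apart, which matches the tcpdump capture earlier in the thread.
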
  • Hi,

    Please configure STAS collector port to 6677 UDP. Take a tcpdump on port 6677 and let me know if you find something. Again, are the users authenticated? Do you find any live users on the STAS client?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I guess that your firewall on the computer where Stas is running is not allowing incoming connections from your UTM.

  • I've got the same behavior. All tests go ok, but STAS does not work. I don't see online users and log shows me

    2017:01:23-17:17:19 utm argos[5633]: [stas_event]: Read 11 bytes from IP 192.168.111.26:53786
    2017:01:23-17:17:19 utm argos[5633]: [process_stas_request]: Processing STAS request STA_LIVE_REQ
    2017:01:23-17:17:20 utm argos[5633]: [stas_check_collector_timeout]: Checking for collectors who have time-out
    2017:01:23-17:17:49 utm argos[5633]: [stas_event]: Received STAS package

    All settings were made according to STAS_manual-en.pdf
    AND all tests passed! Firewall was disabled for simplicity.
  • Create a Windows firewall rule which allows traffic from UTM using the STAS application. Test this first by deactivating Windows firewall temporarily.

    If this works, create a Windows firewall rule using GPO and apply it on the domain controller or elsewhere STAS is running.

  • In the post above, I've already written that the Windows firewalls were disabled for the test. But STAS does not work. Maybe you have another idea how to fix it?

  • Hi, I have the same problem here. STAS Suite is installed on all DCs, tests are all successful, Windows firewall is turned off, events are logged in the event logs, but no active users are displayed.

    Any Idea why?

  • Did you ever get an answer to this problem?

    I too am having issues with it. Not all STAS users appear in 'Show Live Users'.

    It seems fairly random who shows and who does not.

    Those that do not appear are then prompted with the Captive Portal - which is a real pain!
