User authentication against firewall from Terminalserver not working properly

Were having Windows TS with Intercept X. The TS is registered on the firewall (SFOS 19.5.1) as "Citrix Server".

The user that login to the TS are authenticating also against the firewall through the Intercept-X client on the TS. This is working generally.

But for a while now, we're getting complaints from changing users, saying they cannot access internet or internal servers. When checking, we see, their TS user session is not authenticated against the firewall.

We ask them to log off and log in again to the TS. Most of the times, this works after 2 or 3 attempts and their user session from the TS appears in the list of authenticated users on the firewall and they can proceed accessing internet and internal servers (based on FW rules with user authentication).

This is a strange behaviour and I'd like to know how we should proceed analyzing the issue.

Any idea?

TS has Endpoint EAP

Edited TAGs
[edited by: Gladys at 8:04 AM (GMT -7) on 16 May 2023]
Parents Reply
  • documenting this Methusalem a little bit.

    last suggestion was:  add reg key on TS

    "HKLM\SOFTWARE\Sophos\Sophos Network Threat Protection\Application"  SatcPendDurationMs (DWORD)

    No specific value was given. So I tested with 2000ms but that made user logins on the TS extremely slow. So went to 1000ms. That should be enough in LAN environment anyway.

    This had absolutely no effect on the SATC Authentication on the Firewall on 2 TS I tested with. Still randomly users on the TS are not authenticated against the Firewall.

    even the 1000ms value slowed down user logins massively, less than the value with 2000ms though.

    Somehow it is hard to believe that this is working smoothly in production elsewhere.