
Log off detection using WMI and STAS on two sites?

This is a setup question.

I have two UTMs on different sites, A and B. Each site has a Windows 2016 server DC and STAS is working locally. The sites are connected to each other via Site2Site VPN.

I am trying to achieve that a logged-in user is registered in both UTMs through STAS regardless of whether the user is logged in on site A or B.

First I configured each STAS with the two IP addresses of each UTM. But I ran into a problem when configuring the remote STAS in the UTM. The UTM requires that the STAS be on a physical interface (when configuring the IP address, you must select an interface in the UTM). Since the remote STAS is connected via VPN, there is no local interface.

Next I configured each STAS agent to also serve the remote STAS Collector. It worked! When a user logs in, the username and IP address are now registered in both UTMs!

I am using WMI for log off detection. Locally it works flawlessly, but not for clients registered on the remote site. I have opened all ports from each DC to the remote networks, and according to the firewall log they are communicating when testing WMI in the STAS application. Currently the test fails.

But since this is Microsoft, I am not certain that the communication is correct. I believe that there might be a firewall issue for WMI communication between the local DC and clients on remote sites? Or can a local DC not check a remote network which belongs to the remote DC?



This thread was automatically locked due to age.