
Sophos Web Appliance SMBv1 Dependency.

Hi,

I would like to ask:

Would there be any development in Sophos Web Appliance that supports SMBv2 or above?

A friend of mine disabled SMBv1 (in response to the Wanna Ransomware), which makes the Active Directory integration no longer work.

They are also aware of this KB.

https://community.sophos.com/kb/en-us/126757

 

Thanks,

tech



  • 4.3.3 installed on both of our WEB Gateways.  Authentication to domain still fails.

     

     

    Same errors including "No Netlogon" share found.  Worry not, the share is there ...  

     

    Any firewall rules to set up on DCs and Desktops to make 4.3.3 work?

  • I have just shut down the firewall on all of my DCs to test connection.  Same errors.

  • Can you please enable Remote Assistance and we'll connect to your SWA to investigate.

  • Done.  Both appliances are enabled to support.  Case open.  Support can reach me by phone anytime tonight and tomorrow.

  • OK.  Here's our status as of Friday night.  It may help someone ... Sophos support called to help.  We tried the same procedure as of 2017-9-7 6:28 PM.  Same error as both screenshots we posted then.

     

     

    We subsequently unchecked "Auto-detect advanced settings".  Even though "Verify Settings" failed, fields were filled up correctly.  Then we changed port 3268 to port 389.  "Verify Settings" finally succeeded.

    We put 3268 back afterward. "Verify Settings" failed at first, but succeeded at the second attempt.  Our other SWG (we have more than one) succeeded in returning to port 3268 immediately.  Which means it succeeded at joining the domain.

    Observations:  

    1- Maybe returning to 3268 on the first SWG failed because we did leave enough time to the appliance before we clicked "applied".

    2- On my Windows Domain Controller logs, not a single 389 or 3268 request was dropped.  We even tried to join SWG to AD with all firewalls deactivated on all domain controllers.  It is clearly not a question of firewall.

    3- Sophos requirements tell UDP 3268 should be activated.  We were not able to catch any such request on all of our firewalls for as long as we can read logs.  Furthermore, UDP 3268 is barely mentioned on Google.  And I haven't found docs on Microsoft's web site yet.  This requirement seems to be an error.  TCP 3268, as it should, is frequently requested (by other devices as well).

    4- Why Sophos does not use SLDAP, port 3269 instead of unsecured LDAP, port 3268, is beyond me.

     

    I understand 4.3.3 is a beta version.

  • So how exactly was this issue fixed??

    We have the exact same issue - saying no Netlogon share was found. I don't get it....

  • It is not fixed.  Still cannot connect to Windows 2016 active directory.