XG Firewall Keeps Credentials from RDP session

Yesterday we upgraded to the latest greatest firmware XG450 (SFOS 17.0.8 MR-8). Now, when we use Remote Desktop to log in to a server, Sophos Firewall is remembering that user ID and using it for all our web browsing. For example, I am logged into my own PC with my own creds. I then use Remote Desktop with a domain admin user for server maintenance. I close out of that remote desktop session and go to web browse on my own PC. I am blocked from everything because I have my domain admin user very restricted. It blocks me with the domain admin user! It THINKS I am logged in as that user when web browsing. If I use RDP to remote into a server with my own credentials, all is well again on my PC and I can browse. Anyone else experiencing this?

  • I have been dealing with this ever since version 15. The only thing that works to associate the correct creds on the computer is to lock it and sign back in. This will cause a login event and tell the FW that the correct user is signed in.

    Another workaround is to designate a computer just for RDPing in to servers. Create a special user account and add it to the exclusion list in STAS. When you RDP into this computer, the user will not cause a login event on the FW. However, when you RDP into a server from this computer it will tell the FW that the account you just signed into the server with now has "been signed into" the computer you RDP'd from. It will cause the effect you stated above. But at least the creds on YOUR computer won't change, just the "middle" computer.

    If you have to RDP into a server from a user's workstation, make sure you lock the account when you are done. Signing back in will force a login event.

  • In reply to DedJas:

    We just implemented the XG450 firewalls, and cut through them a few weeks back.

    I am, as of today, experiencing exactly this issue. I'm going to reach out to Sophos to find out what is up with this.