Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
We have a multi site environment with a business requirement for all users to be authenticated for Internet Access. We seem to be unable to authenticate users at the Branches against the Head Office XG Firewall. Head Office users authenticate without issue. All branches connect to head office via RED.
Does anyone know if this setup is supported? If not, are there any best practices / recommendations for how we can achieve multi site authentication against the head office firewall?
Quick Environment Summary
At present we have Head Office & 3 Branch Sites. The branches all connect to head office using RED.
Head Office: XG210 - authentication is achieved using Active Directory Integration & the server is physically located on the same site & subnet.
Branches (x3): XG125 - different sites & subnets - all traffic routed over RED to Head OfficeAny assistance / guidance would be much appreciated.
This should be possible.
Lets wrap up.
Your clients on the branches uses the same AD on Head office and the authentication (via Windows) works?
So all Logon Events are logged on AD?
You basically should include the subnets on STAS Agent and the collector should pick up all users of branches.
In reply to LuCar Toni:
Thanks for the response.
Yes single AD server which all users from all sites authenticate via.
Yes logon/ log off events for all sites are against this AD server
We have had very mixed results with STAS in the past. Any tips for young players?
In reply to Adam Rippon:
Most important part is to use the proper logoff detection. STAS needs to verify the user is actually logged in.
Use STAS2.5 (newest version).
Install the STAS Suite and configure everything like here: https://community.sophos.com/kb/en-us/123156
Verify your GPO like KBA123020 works properly.
Afterwards this should work fine.
Seems like the WMI query was the issue - when resolved it started working a lot more reliably.Will do some more detailed testing now.
Much appreciated for your help