Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
We'd love to hear about it! Click here to go to the product suggestion community
I'm trying to set up STAS on my domain controller, and having a few issues.
The STAS Agent and STAS Collector are working fine, and testing okay, but when I test connectivity to the Sophos device, I get a "Test Connection failed." popup.
I have added the rules to Windows Firewall for TCP/UDP ports 5566 and 6677 as well as 6060, and even tried with Windows Firewall completely disabled but still have no luck.
I have checked everywhere I can think for logging but there seems to be no errors anywhere in the logs on the firewall or on the DC itself
XG IP: 192.168.10.1
DC IP: 192.168.10.15
Screenshots of error attached.
did tou create the STAS group and CTA configuration on XG?
Please make sure to follow all the steps available in the KB (3 URL are there):
In reply to lferrara:
Thanks for getting back to me.
I have been through each of those documents as diligently as I can over the last few days and have followed and checked every step.
I have also created the group and config on the XG - screenshot attached
Are there any other debugging steps I can take?
In reply to Marcus Peterson:
Send me a pm and this evening I will have a look at it.
Execute the following commands to add a collector IP and a collector port, as well as create a collector group.
console> system auth cta collector add collector-ip <ip-address> collector-port <port> create-new-collector-group
Has the problem been resolved? Since, I have the same issue.
In reply to Namit Jain:
from console, tcpdump "port 6677" and launch the test connection and share what is the tcpdump output.
I was able to resolve this issue after a call to Sophos support.
After a long time debugging, the solution was to go to "Administration" > "Device Access" and make sure the appropriate services were selected for the zone that the DC was in. From memory, you need to make sure "Client Authentication" is selected.
Hope this helps