Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
Several months ago I enabled Authentication on my XG v16 VM since this I've upgraded to V17 and still experience the below issues.
After enabling authentication at times I will randomly loose internet access this seems to happen in particular when waking a Windows 10 laptop from sleep although not exclusively. I have several firewall rules one with Authentication enabled and another just below with Authentication disabled. When this issue occurs if I try to ping an external address this times out however I am able to ping XG and various other Internal IP addresses although remote addresses over my IPSEC VPN are also unreachable.
When checking in the logs I'm unable to find any obvious issues and a reboot of the device in question seems to resolve the issue until the issue next occurs. I have STAS and RADIUS SSO enabled and both seem to be working fine except this issue.
Has anybody had any experience of a similar issue?
Any help is greatly appreciated
I have the same issue on my MAC along with Sophos Authentication Client, which uses a ping-pong technique to continuosly exchange health status with XG.
Did you open a ticket with support?
In reply to lferrara:
No I haven’t as I’m a home user and therefore I’m not entitled to support.
I had similar issue. In my case disabling logoff detection at STAS client and using only the firewall options to control the login time and transfer threshould did the trick...
In reply to Fernando Durso:
very interesting! I have been battling this for quite some time. over the course of a day, our network monitoring system will randomly notify me that our remote sites are down and various users (including my manager) will tell me the internet is bouncing.
I run constant pings to google and other sites and I see one random ping packet dropped, maybe 1 out of 40. This is so random that it makes it difficult to troubleshoot.
I've tried disabling web filtering, IPS, etc. I would never have guessed STAS/Authentication would have affected dropped traffic.
Logoff detection has been disabled and I'll be monitoring to see if this is effective.
Sounds like a bug to me, but Sophos and I frequently disagree on what constitutes a bug.
In reply to ZaneDonaldson:
so, it sort of fixed it. but my manager tells me his ping to google.com failed for about a minute, tracert stops at the XG. but at the same moment, I was able to ping google.com
so I'm all sorts of mixed up now.
Well, ping google is far from be releable, I had problems probing google´s DNS 126.96.36.199 and 188.8.131.52 in load balance when they stopped responding, giving false positives and switching the links to backup.... tell your manager to try something less crowded :-)
Can I ask what you settings you used on the XG Fernando.?
In reply to Tam Ben-Jusu:
About the STAS?
Yeah, I'm having every STAS problem listed on the message boards in this community!!
I think it's just a very flaky product.
I was thinking just let the XG do it as you said earlier in this post.
'disabling logoff detection at STAS client and using only the firewall options to control the login time and transfer threshould did the trick...'
Just a quick question.. if you disable 'Log Off Detection' in STAS.. when a user logs off of the machine and another user logs on the IP address of the machine is still associated with the first user...
So Reporting will associate any network traffic with the first user.?
Yes they will, you have to adjust the values to avoid it, in my case the changes occur only at lunch time so i can manage that....
See the bottom of the page linked below regarding "Drop Timeout in Learning Mode". This seems to be the intended behaviour when a user becomes unauthenticated
Hi. I had the same problem and in my case I discovered that it was because the Sophos Transparent Authentication Suite could not connect via WMI to the workstations. Try deactivating the firewall of the workstation and see if the problem persists. If the user remains connected then that was the fault.To fix it, enable the firewall entry rules for WMI, or you can also do it from the GPO.
LuCar Toni tellme that there is a KBA for configure WMI.community.sophos.com/.../123020