Issues since enabling authentication

Several months ago I enabled Authentication on my XG v16 VM. Since then I've upgraded to V17 and still experience the issues below.


After enabling authentication, at times I will randomly lose internet access. This seems to happen in particular when waking a Windows 10 laptop from sleep, although not exclusively. I have several firewall rules, one with Authentication enabled and another just below with Authentication disabled. When this issue occurs, if I try to ping an external address it times out; however, I am able to ping XG and various other internal IP addresses, although remote addresses over my IPSEC VPN are also unreachable.


When checking the logs I'm unable to find any obvious issues, and a reboot of the device in question seems to resolve the issue until it next occurs. I have STAS and RADIUS SSO enabled and both seem to be working fine except for this issue.


Has anybody had any experience of a similar issue?


Any help is greatly appreciated


  • kieran90,

    I have the same issue on my Mac along with Sophos Authentication Client, which uses a ping-pong technique to continuously exchange health status with XG.

    Did you open a ticket with support?


  • In reply to lferrara:


    No I haven’t as I’m a home user and therefore I’m not entitled to support.


  • I had a similar issue. In my case disabling logoff detection in the STAS client and using only the firewall options to control the login time and transfer threshold did the trick...

  • In reply to Fernando Durso:

    Very interesting! I have been battling this for quite some time. Over the course of a day, our network monitoring system will randomly notify me that our remote sites are down, and various users (including my manager) will tell me the internet is bouncing.


    I run constant pings to google and other sites and I see one random ping packet dropped, maybe 1 out of 40.  This is so random that it makes it difficult to troubleshoot. 

    I've tried disabling web filtering, IPS, etc.  I would never have guessed STAS/Authentication would have affected dropped traffic.


    Logoff detection has been disabled and I'll be monitoring to see if this is effective.


    Sounds like a bug to me, but Sophos and I frequently disagree on what constitutes a bug.

  • In reply to ZaneDonaldson:

    So, it sort of fixed it. But my manager tells me his ping to failed for about a minute, tracert stops at the XG. But at the same moment, I was able to ping


    So I'm all sorts of mixed up now.

  • In reply to ZaneDonaldson:

    Well, pinging Google is far from being reliable. I had problems probing Google's DNS and in load balancing when they stopped responding, giving false positives and switching the links to backup... Tell your manager to try something less crowded :-)

  • In reply to Fernando Durso:

    Can I ask what settings you used on the XG, Fernando?

    Many thanks


  • In reply to Fernando Durso:

    Yeah, I'm having every STAS problem listed on the message boards in this community!!

    I think it's just a very flaky product.

    I was thinking just let the XG do it as you said earlier in this post.

    'disabling logoff detection at STAS client and using only the firewall options to control the login time and transfer threshold did the trick...'


    Many thanks


  • In reply to Fernando Durso:

    Just a quick question.. if you disable 'Log Off Detection' in STAS.. when a user logs off of the machine and another user logs on the IP address of the machine is still associated with the first user...

    So Reporting will associate any network traffic with the first user?

  • In reply to Tam Ben-Jusu:

    Yes, they will. You have to adjust the values to avoid it. In my case the changes occur only at lunch time, so I can manage that...

  • In reply to Fernando Durso:

    See the bottom of the page linked below regarding "Drop Timeout in Learning Mode". This seems to be the intended behaviour when a user becomes unauthenticated.


  • In reply to Fernando Durso:

    Hi. I had the same problem and in my case I discovered that it was because the Sophos Transparent Authentication Suite could not connect via WMI to the workstations. Try deactivating the firewall of the workstation and see if the problem persists. If the user remains connected then that was the fault.
    To fix it, enable the firewall entry rules for WMI, or you can also do it from the GPO.

    LuCar Toni tells me that there is a KBA for configuring WMI.