Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 16 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 12700 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG: STAS installed, configured, started but doesnt show live users

Avi Bar Ilan

Hi all

i have an XG firewall (latest firmware), running 5 vlans, single domain controller.

i have installed the STAS application on my domain controller, followed the KB to the word

https://community.sophos.com/kb/en-us/123156

i even changed the user account for the stas app to the domain administrator, i have disabled the firewall on the DC...

but, no matter what i do, no live users are showing up in the advanced tab on STAS.

 

btw,

in the stas agent i have configured all our vlans, all 5 of them

in the stas collectors tab i have specified the xg ip address that is on the DC vlan (should i mention all its ip addresses on all vlans?)

in the advanced tab - test to sophos ip address is successful!

 

i dont understand what is wrong!

please help

 

maybe screenshots would help a little:



This thread was automatically locked due to age.
Parents
  • 0

    Never found the trick to run it reliably either.

    Paul Jr

  • 0 in reply to Big_Buck

    Lets get back to the topic. 

     

    First of all.

    Agents is reporting all Users to Collector.

    Collector is reporting to XG.

    XG is using Collector to look up the Users. 

    Collector is fetching all Users and "verify" them via WMI. 

    Suite installs both components. Do you have multiple Collectors / agents ? This could cause a issue, if not setup properly. 

     

    You need to know, which of the steps above causes your Issue.

     

    Do you see Users in the Collector (Live User Collector) but not XG? 

    Seems like something is broken between Collector and XG.

     

    Do you see no Live users in Collector?

    Seems like something is broken between Agent and Collector. 

     

     

    There is a Log on Collector and XG. You can actually use both to get a clue, what is going on. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi

    so, i have a single instance of stas running on a single domain controller.

    meaning no multiple agents and no multiple collectors.

    i dont see live users not on stas and not in xg.

    i'm getting absolutely nothing

  • 0 in reply to Avi Bar Ilan

     Please make sure on DC you have done,

    - Go to Start > Administrative Tools > Local Security Policy to view Security Settings. Browse to Security Settings > Local Policies > Audit Policy and double click on Audit account logon events to view the Audit account logon events Properties window.

    Select both the Success and Failure options and click OK to close the window.

    - While still in the Local Security Policy, browse to Security Settings > Local Policies > User Rights Assignment and double click on Log on as a service to view the Log on as a service Properties.

    If the Administrative user being used to install and run STAS is not listed here, select Add User or Group and add the user. Select OK to close the window.

    Configure the Windows Firewall and/or 3rd party firewall software to allow communication over the following ports:

    • AD Server: Inbound UDP 6677, Outbound UDP 6060, Outbound TCP 135 & 445 (if using Workstation Polling Method WMI or Registry Read Access), Outbound ICMP (if using Logoff Detection Ping), Inbound/Outbound UDP 50001 (collector test), Inbound/Outbound TCP 27015 (config sync).
    • Workstation(s): Inbound TCP 135 & 445 (if using Workstation Polling Method WMI or Registry Read Access), Inbound ICMP (if using Logoff Detection Ping).

    Note: RPC, RPC locator, DCOM and WMI services should be enabled on workstations for WMI/Registry Read Access.

    if all above steps are done, check on your domain controller if the event id 4768 is getting logged. To check this in event viewer -> Windows -> security, filter for event id 4768. 

    If no events, try a restart of the DC and check again.

  • 0 in reply to AWP

    Hi

    i have already followed your suggested steps since they are all taken from the KB.

  • 0 in reply to Avi Bar Ilan

    BTW,

    all event id 4768 are indeed showing in the DC event viewer

    but still - no live users are showing up in SATS

  • 0 in reply to Avi Bar Ilan

    Just to confirm, problem is no users are shown in the live users on stas agent installed.

    Is the STAS installed on DC or member server.

  • 0 in reply to AWP

    Hi

    STAS is installed on a DC

  • 0 in reply to Avi Bar Ilan

    using latest STAS 2.5, maybe try 2.2

  • 0 in reply to AWP

    So you see all those Login Events in the Event Log of DC? 

    Can you actually see any entries in the Log of STAS? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi

    i do see all those events in event viewer on the DC.

    nothing in stas.

     

    BTW,

    i changed the agent mode from eventlog to netapi...

    that seemed to work for a few hours but now its not working again.

     

    unstable is an understatement 

Reply Children
No Data
Unfiltered HTML