V18 / STAS - Authentication

Hey guys,

 

Is there a better mechanism in development than STAS in its current form?

95% of my Firewall issues relate to STAS and it deciding not to work as needed. Ideally going back to the UTM style suits me fine rather than reading events.

My laptop users are the worst as they close the lid and bring it to work which doesn't create the logon event needed. iOS / Android is a whole other ball game and any PC not on our domain.

 

I heard Sophos are looking at a better way but I see in V18 STAS remains unchanged.

 

What are the plans - anyone aware?



This thread was automatically locked due to age.
  • Hi  

    As of now, there is no information available on a new feature for the STAS version.

    If you could share details on your issue, we will try to provide the best solution possible.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • PS: UTM "style" will not solve your issue at all. 

    UTM style is Kerberos, which is included in V18. But Kerberos depends on HTTP (Web Traffic). Your client needs to log in and open a Web application to get authenticated. UTM only needs Kerberos for Web traffic (proxy), so it does not matter there. But XG, as a "Layer 8 Firewall", depends on the first packets already being authenticated.

    A better approach could be Synchronized User ID (with the Central Endpoint). It moves the authentication to the Endpoint and relies on the information provided by the Central Endpoint.

    Or you move to Kerberos and use it only for Web Traffic.
