Hi, we have an XG 135 with firmware version SFOS 18.0.4 MR-4 running in our office. We have a mix of clients using Windows 10, macOS 10.15 and 10.16, and Linux Ubuntu 20.04.
We are running the client authentication agent on each system to log in to the firewall. All the values that could disconnect a system, like Inactivity settings, are already increased to 300 minutes. But I can see in the logs that several systems are still being kicked out even within 5 minutes of login. Now I cannot understand the reason for this behavior.
One special thing: we are using the same user accounts for SSL VPN as well, so we cannot use Clientless authentication.
Sophos support turned out to be pretty useless, as one of my tickets was already closed without proper communication and the second one has been lying without any attention for over a week.
Can anyone in the community please help!!
Thanks
Varun
Hi varun singh,
Apologies for the inconvenience caused.
If you had concerns regarding a specific support case, please send your case number to me via PM and I'll be happy to help follow up.
About the issue, could you please confirm a few configuration details? Have you imported users from your AD, or configured local users on the firewall?
How many simultaneous logins did you configure for users? Go to Authentication > Users > click on the specific user > find Simultaneous logins. If "Use global settings" is selected, then go to Authentication > Services > Global settings.
If you could provide the access_server logs in debugging, that would help us identify the issue.
Follow this KB Article to SSH into the XG firewall: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility
Select Option 5 (Device Management) > Option 3 (Advanced Shell)
Run this command to put the access_server service in debug:
Please check out the following KBA to locate and capture the logs: Sophos XG Firewall: Where to find log files?
Once you capture the access_server logs in debugging, run the same command to put the access_server service in normal running mode.
Run this command to check the service status:
```
SFVUNL_VM01_SFOS 17.5.11 MR-11# service -S | grep access_server
access_server RUNNING,DEBUG
```
Note down the logout timestamp for a specific user and PM me the logs with the username.
Thanks,
Hi H_Patel, Thanks heaps for responding to my post. Here's some info for you to troubleshoot -
- Users were created directly in the firewall > Authentication > Users, so they were not imported from anywhere else, e.g. AD.
- Global settings set to `Unlimited` for both Simultaneous login and Max Session timeout.
Log file shared via private message.
Timestamp values are -
Feb 23 09:18:04.020042
Feb 23 09:28:36.483342
Let me know if I missed anything. Thank you.
Hi varun singh,
Thank you for the update. I replied to your message.
Could you please provide the output of the following commands?
```
ls -al /var/cores
grep -i "segfault" /log/syslog.log
grep -i "access_server started Successfully" /log/access_server.log
```
Thanks,
Here's the output -
```
XG135_XN03_SFOS 18.0.4 MR-4# ls -al /var/cores
drwxrwxrwt 2 root 0 4096 Sep 6 17:23 .
drwxr-xr-x 40 root 0 4096 Feb 23 07:53 ..
-rw------- 1 root 0 84680704 Jun 9 2020 core.ConfigReload
-rw------- 1 root 0 9588736 Jun 10 2020 core.fwcm-eventd
-rw------- 1 root 0 608878592 Sep 6 17:23 core.snort
XG135_XN03_SFOS 18.0.4 MR-4# grep -i "segfault" /log/syslog.log
XG135_XN03_SFOS 18.0.4 MR-4# grep -i "access_server started Successfully" /log/access_server.log
```
There was no output for the last 2 commands.
Thanks
Hi Matt Mentele,
Please open a support case for in-depth troubleshooting and provide access_server logs in debugging while replicating the issue.
Thanks,