i have configured stas in DC and after configured user and connected through STAS and no login required i have created multiple groups with user rule in sophos.when user login to system i have checked the log its showing as per created rule but after some time its changed to network based rule so the web policy not applied so if any one having any solution please help.
Check the STAS logs (the STAS + EVENT logs) for the reason. Could be a number of reasons, being replaced by another account of failing the log off detection method. Either way the first place to look is…
i have face same issue stiil any one having solution please help
isuue-After user login with AD credential user get internet .so i have created with multiple user based policy but after 15 to 20 min its changed to network policy so please help.
Hi satyabrata bastia
May I know the number of users affected facing the same issue?
"Sophos Partner: Infrassist Technologies Pvt Ltd".
If a post solves your question please use the 'Verify Answer' button.
Hi satyabrata bastia
Yes, it is a Windows System level issue, how many windows systems you have faced the same access denied message while testing from STAS suite?
The fix is provided by Microsoft as per the below link try and share the result.
Contact Microsoft support as well to solve the issue with wmi or ping polling method if above link not useful.
Thanks and Regards
we have 250 user and i have with ip in wmi its denied
Can you try with one or two windows system for a test as per the below link and share the result ?
sir i have check with sophos document for wmi polling method need to configure windows gpo,logon and logoff detection should be enable and inbound wmi connection should be enable .so please tell me which one i will follow to resolve or ping method should be enable
satyabrata bastia said:sophos document for wmi polling method
Yes you have already found the issue with help Sophos Document where wmi is getting failed from Windows System now you have to fix the issue from your Windows Systems as per the shared link.
sir can i share windows issue document i found when i checked with sophos stas document .
i have collected all details with screen shot if you conform then i will send you
That might not help sharing Microsoft documents to Sophos as it is windows version related issue as of now you can share snapshot that shows the AD is getting successfully integrated message and the current STAS setting applied on Sophos XG as per the link:
STAS settings https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/learningContents/ConfiguringTransparentAuthenticationSTAS.html to check configuration is proper.
Login to console with SSH go to option 4 and run tcpdump 'port 6060 or 6677
share the output of tcpdump too
Your issue will get fixed if you check with the Windows version as you have shared no detail on which Windows Version you are facing the issue and by contacting Microsft support
Try to update the windows system.
Follow this link too https://support.sophos.com/support/s/article/KB-000035623?language=en_US
how to run tcp dump
windows server 2008
satyabrata bastia said:user system-2010
Windows 10, version 1909,Windows 10, version 1607,Windows 10, version 1809,Windows 10, version 2004, Windows 10, version 20H2, Windows 10, version 21H1?
Is your user system-2010 are up to date ?
i have checked with windows version windows 10 PRO N Version-21H1
windows not up to date
satyabrata bastia said:windows not up to date
I would suggest you to Download and install the Client Authentication Agent to authenticate users to get internet access on the same CAA client save the username and password that will automatically login the user for internet access once the System turn on check the link below for more reference :
sir nat rule required for user based rule i have checked with document showing nat is not required.
i have update my system today after update check with WMI method same issue.
please check and replay.