
SOPHOS STAS inactivity Timer issue

Hi,
I have an XGS2100 (SFOS 20.0.2 MR-2-Build378). A very weird issue is being faced. I am using STAS for user authentication. The user rule is down in the rules. On top of all, I have created a rule in which I added the MAC addresses of a few users. This rule is not working. When a user comes whose MAC is not entered in the rule, it passes through the any user rule. In the log viewer it shows the MAC address and email address of any domain user, while this MAC is not part of any domain PC. This is not normal. Through the user rule, the user who was called in that rule should pass.
I also created a new MAC address rule but it is not working. I noticed that when any user comes whose MAC is not in the allowed rule, it takes an IP from DHCP; that IP was previously used by some authenticated user, so this user is considered an authenticated user and goes through the user rule.
As a workaround I enabled "Enable user inactivity" under STAS and configured the inactivity timer to 120 Min. and the Data transfer Threshold to 100 Bytes. But with this setting the user whose MAC is not entered is not allowed to go to the internet, while the users who are authenticated start being logged off whether they are idle or not for 120 Min.
Please advise.



Added TAGs
[edited by: Raphael Alganes at 2:48 PM (GMT -7) on 2 Oct 2024]
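
The stale-mapping behaviour described in the post above (a DHCP address handed to a new device while the previous user's login is still live) can be checked for in logs. This is an added example, not part of the original thread and not Sophos code: it flags firewall records whose MAC differs from the MAC that held the IP when the attributed user logged on. The record layout, field names and sample values are constructed assumptions, not the SFOS log format; it also assumes the logon-time MAC is known (for example from DHCP lease records) and that clients sit on the same L2 segment as the firewall.

```python
from dataclasses import dataclass

# Constructed sample data; field names are assumptions, not SFOS log fields.
@dataclass(frozen=True)
class Login:          # identity mapping learned at logon time
    ts: int           # seconds since start of sample
    user: str
    ip: str
    mac: str          # MAC holding the IP when the user logged on

@dataclass(frozen=True)
class Flow:           # one firewall log record
    ts: int
    ip: str
    mac: str
    user: str         # user the firewall attributed the traffic to

LOGINS = [
    Login(0, "alice@example.test", "10.0.0.50", "aa:aa:aa:00:00:01"),
    Login(10, "bob@example.test", "10.0.0.51", "aa:aa:aa:00:00:02"),
]
FLOWS = [
    Flow(100, "10.0.0.50", "aa:aa:aa:00:00:01", "alice@example.test"),
    Flow(200, "10.0.0.51", "AA-AA-AA-00-00-02", "bob@example.test"),
    # alice left; a non-domain device got her old lease and inherits her identity
    Flow(9000, "10.0.0.50", "de:ad:be:00:00:99", "alice@example.test"),
]

def norm_mac(mac: str) -> str:
    return mac.lower().replace("-", ":")

def stale_identity_flows(logins, flows):
    """Return (flow, login) pairs where the flow's MAC differs from the logon-time MAC."""
    findings = []
    for flow in sorted(flows, key=lambda f: f.ts):
        # Logons for this (ip, user) recorded at or before the flow.
        prior = [l for l in logins
                 if l.ip == flow.ip and l.user == flow.user and l.ts <= flow.ts]
        if not prior:
            continue  # no recorded logon for this mapping: nothing to compare
        latest = max(prior, key=lambda l: l.ts)
        if norm_mac(latest.mac) != norm_mac(flow.mac):
            findings.append((flow, latest))
    return findings

if __name__ == "__main__":
    for flow, login in stale_identity_flows(LOGINS, FLOWS):
        print(f"{flow.ts}s {flow.ip}: {flow.mac} treated as {flow.user}, "
              f"logon was from {login.mac}")
```
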
  • Hello Ahmad,

    In a situation wherein STAS failed to log in your users, and if you want to restrict Internet access for unauthenticated users, you must enable "show captive portal to unknown users"; the user who failed to log in will then be prompted with the captive portal for login.

    For guests, if the traffic comes in via a flat network wherein no L3 is involved, you can certainly have a firewall rule with the source MAC addresses added to allow internet through it. If the MAC address does not match, it will check against the rules in a top-down approach.

    Mayur Makvana
    Technical Account Manager | Global Customer Experience

