Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 39 subscribers
  • Views 14605 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SF Authentication behavior after STAS

FaheemSarwar

Dear All, 

we have managed to install STAS Suite on our AD and now the Sophos XG Firewall is importing users from AD (not seeing all of them). there are some things i would like to ask:

1- how the SF populates the "User" section of firewall by communicating with AD. does it imports all the users at once or upon user logon ?

2- if we have multiple child domains in our environment, shall we have to install STAS suite on other DCs as well to import their users ?

3- now that i have installed STAS suite in AD, i am still seeing captive portal screen while opening the browser. after logon i can proceed with browsing. shall it suppose to work like that ?

4- how can i verify from SF if the STAS suite is working fine.

we followed this article to install STAS :

https://www.sophos.com/en-us/support/knowledgebase/123156.aspx 

kindly guide me. Sophos XG is installed in "Gateway" mode.

Regards,

Faheem



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to lferrara

    Dear  ,

    Yes i have : the only difference is, we have selected "connection security" as "simple".

    let me describe scenario:

    Before STAS:

    we had configured AD already. we imported some AD groups and some test users (not all). i have been testing firewall policies with those users and they always showed up with captive portal authentication. policies were working fine

    After STAS:

    now AD users are being populated in "USERS" section automatically (not all of them). i still get the captive portal screen on any user. we have already added users in firewall policy in "match users".

    now i have two questions :

    should i be getting that captive portal screen after installing STAS on AD ? if not then what could be wrong ?

    will i get all my current AD users automatically or do i have to manually import them ?

Children
Unfiltered HTML