XG always logout users randomly

Firewall always logout users randomly

 



This thread was automatically locked due to age.
  • Peter,

    Are you using an appliance? How many users are authenticated through STAS?

    Check logs inside access_server.log from /var/tslog

    Thanks

  • Hello Peter,

    Increase the inactivity time for NTLM and Web Client under Configure -> Authentication -> Services 

    Muhammad Osama

    Sophos Certified Engineer (XG Firewall)

  • Same issue here. Nothing but headaches since we started using these firewalls. Really sad. I used Sophos UTMs at a previous job and they were solid. Seems like they've just gotten careless and sloppy over the last few years. XG is riddled with bugs.

    • Did you get this resolved? 

      I've had a similar problem and have just changed some settings, this article may help. If you have fixed the problem and this article was not the answer please let me know what you did. 

      https://community.sophos.com/kb/en-us/125468 

       

      Thank you

      • Yes that article is what support ended up recommending to me. It's not a solution, but a half-ass workaround. The major problem with it is that the setting gets lost every time you update the firewall. So any time you update you have to remember to go back in and do it again.

        • My STAS installation runs smoothly. 

          Try: 

           

          And most important: Check out the WMI Settings + set the correct GPO.

          https://community.sophos.com/kb/en-us/123020

           

          And furthermore Test it! 

          Step 3: Verify WMI using command line

           

          If the test via CMD does not work, something in your ENV is not correct and STAS will log out the users. If you see a strange behavior of STAS, first test the WMI. Do not just try the WMI port, verify the log in and try to get the User credentials via WMIc 

           

           

           

           


          • Thank you for the heads up!!

          • Couldn't agree more!!!

            Using 2 x XG230s...

            1. VPN continually drops out.

            2. Captive Portal only displays an IP address so cannot use publicly signed certificate.

            3. One of the XGs needed a reboot, so decided to drop its captive portal and start letting any wireless device on the network.

            4. STAS does NOT work full stop. 

            • Hi,

              Can you be more specific about your issues? 

              VPN should be stable by now.

              You can use the hostname instead of IP address: https://community.sophos.com/kb/en-us/132058

              I cannot understand point 3.

              And as far as I can tell, STAS works fine in most of my setups for now. And - if you do not want to go with STAS, you could try out the SSO client. https://community.sophos.com/kb/en-us/123159

               

              Maybe  can follow up this query? 


              • Many thanks for the quick response MBP,

                1. The VPN between the two XGs drops out randomly, perhaps once a fortnight, and it never comes back up after a reboot. I have to go in to VPN (both icons are green but no VPN exists) and click 'Disconnect' then 'Connect' in the VPN window.

                Any advice on the IPSEC settings which should be most stable would be greatly appreciated?

                 

                2. Huge thanks for this: https://community.sophos.com/kb/en-us/132058 I had not seen its release in July.

                Last time I spoke to Sophos Support they said the Captive Portal would only display an IP address and therefore a CA signed certificate would always give a security error. I shall set the value of the proxy_url_use_hostname to on and purchase a new certificate.

                 

                3. STAS users keep disconnecting and have done since I purchased the XGs. I've had a support ticket open since Feb 2018.

                All tests in STAS (WMI, Reg, Agent, Collector) show as successful. Live users appear in STAS and then randomly drop off, anywhere between 4min-4hrs. Recently I added another domain controller running the Sophos agent. Any clients authenticated against that DC, in 'Show Live Users' display the XG's ip address?! Then, suddenly appear again with the correct ip address and then drop off.

                Again, any advice would be greatly appreciated.

                Cheers

                 

                • Could you please open a thread for each topic on its own? Would like to refer to each topic individually.

                  Thanks!


                  • Have split them into 2 threads, MBP.

                    Your suggestion for the https certificate looks to have solved the public signing issue.

                    Many thanks again