Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: SATC with Sophos Server Protection Step by Step Guide

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Table of Contents

Overview 

Sophos Authentication for Thin client (*SATC) with Sophos Server Protection enables Sophos Firewall to authenticate users accessing a server or remote desktop.SATC is included with Sophos Server Protection in Sophos Central. It's part of Sophos Central Server Core Agent and is available with any Server Protection license in Sophos Central. Currently, SATC with Sophos Server Protection only supports Windows Remote Desktop Services. You must download the Windows Server installer from Sophos Central. The installers that you can download would depend on the licenses you have. 

Sophos Firewall controls those authenticated users using a session-based approach via an identity-based firewall rule, providing more granular access controls for each user group. 

*Note
SATC functionality is only supported on Windows Server 2016 and requires a Core Agent of  2022.2 and higher.

What To Do

Follow the steps below to set up new SATC client integration with Sophos Server Protection: 

For full details on enabling SATC with Sophos Central Server Protection, see this help document:  SATC with Sophos Server Protection.

The steps below walk through the setup:

  1.  Turn off tamper protection for server protection. Note the current settings before you turn off tamper protection, as you need to change these back once SATC is activated. 


  2. On the server, open a command-line console/Power Shell. Add new parameter Satc PendDuration Ms in SATC, run the following command to turn on SatcPendDurationMs parameter  
    command: - reg add "HKLM\Software\Sophos\Sophos Network Threat Protection\Application" /v SatcPendDurationMs /t REG_DWORD /d 300 



    NOTE: We are updating the pend duration only when there is network latency




  3. Please ensure to reboot the Terminal Server once changes are applied. 

  4. Lastly, check the windows registry to confirm the changes under: HKLM\Software\Sophos\Sophos Network Threat Protection\Application  
  5. If you face any issues or need further assistance with this, kindly reach out to our Sophos Support team - support.sophos.com




Revamped(updated link and corrected Horizontal Line)
[edited by: Erick Jan at 2:49 AM (GMT -8) on 24 Dec 2024]
Parents
  • Hi  and thank you for the most useful information provided.

    I have been on a support case regarding SATC in RDS Server 2019 for almost two months now. After having read the article for the hundredth time I followed your suggestion to check for the SophosNetfilter.exe - which in our case is not running. It should have been easy for the support to figure that out Smiley

    We are enrolled in EAP, although the versions differ slightly:

    Core Agent 2.20.13 BETA
    Sophos Intercept X 2021.3.1.11 BETA
    Server Protection 10.8.11.4 BETA
    Managed Threat Response 2.3.0.68
    XDR 2.20.13 BETA

    "The 2022.2.x version of the Server agent moves the SATC functionality out of IPS and into the Core product."

    Will this still be in the context of EAP? By "Core product" you're referring to Intercept X?

Reply
  • Hi  and thank you for the most useful information provided.

    I have been on a support case regarding SATC in RDS Server 2019 for almost two months now. After having read the article for the hundredth time I followed your suggestion to check for the SophosNetfilter.exe - which in our case is not running. It should have been easy for the support to figure that out Smiley

    We are enrolled in EAP, although the versions differ slightly:

    Core Agent 2.20.13 BETA
    Sophos Intercept X 2021.3.1.11 BETA
    Server Protection 10.8.11.4 BETA
    Managed Threat Response 2.3.0.68
    XDR 2.20.13 BETA

    "The 2022.2.x version of the Server agent moves the SATC functionality out of IPS and into the Core product."

    Will this still be in the context of EAP? By "Core product" you're referring to Intercept X?

Children