Is STAS supported for multiple domains?

We are looking at implementing STAS for our UTM array backend proxies and can't find the following info in the documentation.

As background, we have a UTM array that is used for proxying/web filtering for schools. The UTMs are AD integrated and most of our schools integrate with the same AD, so AD SSO is fine for those; however, some schools have their own ADs, so we're looking at STAS so we can move away from client IP based policies.

First, the documentation has a simple model based on a single AD using STAS to talk to an XG Firewall or UTM. We need to know if this model can be expanded so we can have a STAS installation in each "own AD" school and all of the STAS Agents at those schools talk to our central UTM array?

e.g.

Second question is around resilience.  What's the best way to set up resilience particularly around the STAS collector server?



  • I have the same question, for the Sophos UTM. I set up the UTM with multiple STAS agents, each on a different network and different Active Directory domain. It works only with one domain controller at a time.

    Here is an interesting log entry:

    argos[13448]: [process_stas_request]: Active collector already present, sending LIVE_NACK to 10.X.X.X:6677

    To me, it seems whichever DC (STAS) communicates first with UTM is recognized. The second one receives the NACK. No further communication occurs between the UTM and second STAS agent, although you can successfully test the connection between the second STAS and UTM.

    I have a support ticket open.  Any assistance is greatly appreciated.

    -B
