Who here has struggled getting STAS working?

Reason I ask is that the documentation for it is unavailable, unless I've missed something, however, based on some other threads I perceive there to be the possibility of using STAS created objects within firewall rules.  Initially my assumption for STAS would be that it would strictly be used for the Web Protection module only.

On behalf of the crowd here, I'd like to ask for some documentation on how STAS is to be configured, and where it can be used through out the UTM.


Parents Reply Children
  • mod2402 said:

    ....Unfortunatley, it seems that STAS just working with active directory joined computers.

    Yes, that is expected behavior, because this feature was taken from Cyberoam where agent on domain controller monitor event log for successful login events and reports it back to the appliance.

    I was just wandering what do you see in a firewall rule when you try to add a source, are there also normal user objects or just like before user only network objects:

  • It's the same as before. But I think just the user 2 IP Mapping is made on the DC with STAS.

    I'll test it if I've time.

  • Hi mod2402,

    STAS is supported only with ActiveDirectory, Therefore it will not work with computers that are not member of an ActiveDirectory domain.



  • What did I do wrong here ?

    1. STAS enabled on UTM, installed and configured on DC. I can see live users in STAS tool:

    2. In UTM Client Authentication log there is information about successful login, and two user objects are automatically created:

    2016:03:26-08:38:17 utm2 argos[13752]: [handle_transparent_sso_request]: Received login sso request: username vilic, ip_address, domain_name lab.local
    2016:03:26-08:38:18 utm2 argos[13752]: [auth_aua_recv]: User vilic authenticated [REF_DefaultAdirectoryUserGroup]

    3. But...there is no Online clients listed under STAS status page, and there is no resolved IP for User Network objects:

  • Hi vilic,

    just to be no the same page. You mean that the user isn't listed in Definitions & Users >> Client Authentication under the tab "Global" right?

    If you authenticate a user via STAS as described in your first two points with those log lines, the user should appear in the tab "Global" as described above until a logoff is detected from the STAS collector. Did the user ever showed up there or did the user disappear while you are still logged in?

    Can you reproduce this behavior?

    Regarding the picture in your third point:

    The IP addresses won't be displayed there for performance reasons. It is a bit confusing but the UTM would be really slow with a lot of users logging in / out. So this is expected and you will see the same behavior with Client Authentication (SAA) too.


    Windows has detected you do not have a keyboard. Press 'F9" to continue.

  • Unknown said:

    just to be no the same page. You mean that the user isn't listed in Definitions & Users >> Client Authentication under the tab "Global" right?

    Yes, that was the problem. After some time and several logoff/logon they started to appear.