Who here has struggled getting STAS working?

Question

Reason I ask is that the documentation for it is unavailable, unless I've missed something, however, based on some other threads I perceive there to be the possibility of using STAS created objects within firewall rules. Initially my assumption for STAS would be that it would strictly be used for the Web Protection module only. 
 On behalf of the crowd here, I'd like to ask for some documentation on how STAS is to be configured, and where it can be used through out the UTM. 
 Cheers

AdamBurn · Answer

Hi AzRoN, 
 
 I've managed to get it working ok to a degree. I followed the guide here, not sure if you've seen it already? 
 https://www.sophos.com/en-us/medialibrary/PDFs/documentation/STAS_manual-en.pdf?la=en 
 With the download being here: 
 https://www.sophos.com/en-us/support/utm-downloads.aspx 
 
 I can offer some limited support if you struggle! 
 
 Adam

HolgerLehn · Answer

Hi mod2402, 
 STAS is supported only with ActiveDirectory, Therefore it will not work with computers that are not member of an ActiveDirectory domain. 
 Greetings 
 Holger

HolgerLehn · Answer

Hi Anthony, 
 your question sound like a general misunderstanding of STAS behaviour. Let my try to clarify. 
 Joining AD gives you the ability to use SSO with AD backend users. 
 STAS gives you the ability to use authenticated users in you policies, without the need to install CAA (Client authentication agent). STAS (Sophos Transparent Authentication Suite), gets information of users that are logged in to workstations, that are a member of AD. That's all. 
 You can install authentication agent on client, or you can use STAS instead, if you are not able or willing to install authentication agent on your clients. 
 If you are using STAS, the STAS collector should be able to PING your workstations and also to query your workstations via WMI. 
 Hope that I understood your question correct and that my answer is helpful. 
 
 Greetings 
 Holger

HolgerLehn · Answer

Anthony, 
 
 STAS is not really creating a user, this is just a consequence. If a user is allready existing, this user will of course not created a second time. 
 Example for STAS is easy... you want to be able to user object in web filter rules, but you do not want to install authentication client on the users client. STAS helps you to identy that this IP address belongs to a specific user ...... without installing anything on the client. 
 
 Greetings 
 Holger