Who here has struggled getting STAS working?

Reason I ask is that the documentation for it is unavailable, unless I've missed something, however, based on some other threads I perceive there to be the possibility of using STAS created objects within firewall rules.  Initially my assumption for STAS would be that it would strictly be used for the Web Protection module only.

On behalf of the crowd here, I'd like to ask for some documentation on how STAS is to be configured, and where it can be used through out the UTM.

Cheers

  • Hey guys,

    Sorry to resurect an old thread. I was also wondering why use STAS when joining the UTM to an Active Directory domain works pretty well in the first place. Does the STAS agent work better in some way?

     

    Thanks

  • Hi Anthony,

    your question sound like a general misunderstanding of STAS behaviour. Let my try to clarify.

    Joining AD gives you the ability to use SSO with AD backend users.

    STAS gives you the ability to use authenticated users in you policies, without the need to install CAA (Client authentication agent). STAS (Sophos Transparent Authentication Suite), gets information of users that are logged in to workstations, that are a member of AD. That's all.

    You can install authentication agent on client, or you can use STAS instead, if you are not able or willing to install authentication agent on your clients.

    If you are using STAS, the STAS collector should be able to PING your workstations and also to query your workstations via WMI.

     Hope that I understood your question correct and that my answer is helpful.

     

    Greetings

    Holger

  • Hi Holger,

    Thank you for getting back to me. I might have not expressed myself correctly.

    HolgerLehn said:
    Joining AD gives you the ability to use SSO with AD backend users.

    From what I understand, joining AD gives you the ability to import users (by prefetching them in Authentication Services -> Advanced -> Prefetch Directory Users) which then create an object in the UTM and allows them to be used in Web Filtering policies. 

     

    HolgerLehn said:
    STAS gives you the ability to use authenticated users in you policies, without the need to install CAA 

    Does STAS only create user objects in the UTM so that they can be used in Web Filtering policies? What is the point if they can already be prefteched the Prefetch Directory Users utility?

     

    There might in fact be something I misunderstand. If that is the case, can you clarify both options to me and give an example of a situation where on would be preferable to the other?

     

     

    Thank you

  • Anthony,

     

    STAS is not really creating a user, this is just a consequence. If a user is allready existing, this user will of course not created a second time.

    Example for STAS is easy... you want to be able to user object in web filter rules, but you do not want to install authentication client on the users client. STAS helps you to identy that this IP address belongs to a specific user ...... without installing anything on the client.

     

    Greetings

    Holger