
SATC - Browsers always asking for login and authentication

So, we have been using Sophos XG for some time, and unfortunately we have never managed to get SATC working correctly.

We have a Windows Server 2019 Gateway server, and multiple session host servers. Each session host has SATC installed. Tonight I provisioned a new Server 2019 session host server in a new test collection. The new server is getting no computer based group policies, and the user is in a group that receives no group policies either, so that rules those out as being an issue.

I have followed this KB https://support.sophos.com/support/s/article/KB-000036877?language=en_US

From the above link I have installed SATC, entered the Sophos internal interface IP address, added the server's IP with the "system auth thin-client" command in the console, and I've created a firewall rule that allows traffic outbound based on it matching known users. I've also imported the Sophos cert to the Root cert store on the server so that it can perform HTTPS packet inspection and decryption.

So, when I test, here is what is happening:

I am logging into the server as a test account. The session starts without issues. The IP address of the server is 172.16.203.69/16. The Sophos XG inside interface is 172.16.0.200/16. I can ping the interface from the server.

So, after logging in, I go to the XG web interface and look in Current Activities > Live Users

Everything looks good above. It's authenticated by the looks of it, the IP address is correct, it has a session ID, the username is correct and the time matches the login time.

So, when I try browsing:

I get the above in Chrome, IE, Firefox and Edge. I have heard that there are issues with Chrome, but this is every browser that I try! 

If I attempt to sign in, I get a nice green tick box, it tells me I am signed in - even though it shouldn't do that. It tells me to open a new browser, which I do, I try google.com and straight back to the login page, where it once again asks me to sign in. 

Has anyone else experienced similar behaviour, or does anyone know how to get around this?

Oh, and we use STAS on our domain controllers to authenticate devices when users are not using remote desktop, and this works without issues.


