
Unauthenticated Users Getting Dropped When Using STAS

Unauthenticated Users Dropped In STAS:

Issue:

The user is using STAS to authenticate users with the XG firewall.

The user created a plain firewall rule at the top without ticking the “Match known users” option, as shown in the image below.

Firewall Rule

This rule allows all LAN and WiFi users to reach the WAN, even if the user is not authenticated with the firewall. But when a user tries to reach the internet, the firewall drops that traffic with the “user identity” error shown below.

User Identity Error

Normally, per the firewall rule, every user should be allowed, even if the user is unauthenticated. But here the traffic is being dropped.

Resolution:

Locate the “Restrict client traffic during identity probe” option. The main idea of enabling this option is to keep unauthenticated users on hold until the user and his destination IP address are found. Because of this, SFOS drops traffic from unauthenticated users for a certain time with the “User Identity” error.

So we need to disable the “Restrict client traffic during identity probe” option so that unauthenticated users are no longer dropped by the Sophos XG firewall.

SFOS STAS

Now unauthenticated users will pass through the Sophos XG firewall.

Hope this article helps you.