Unauthenticated Users Getting Dropped When Using STAS

Unauthenticated Users Dropped In STAS:


The user is using STAS to authenticate users with the XG firewall.

The user created a plain firewall rule at the top of the rule list without ticking the “Match known users” option, as shown in the image below.

This rule allows all LAN and WiFi users to reach the WAN, even if the user is not authenticated with the firewall. But when a user tries to reach the internet, the firewall drops that traffic with the “User Identity” error shown below.

According to the firewall rule, every user should be allowed even when unauthenticated. Here, however, the traffic is getting dropped.


Identify the “Restrict client traffic during identity probe” option. The main idea of enabling this option is to keep unauthenticated users on hold until the user and their destination IP address are found. Because of this, SFOS drops traffic from unauthenticated users for a certain time with the “User Identity” error.

So we need to disable the “Restrict client traffic during identity probe” option so that unauthenticated users are no longer dropped by the Sophos XG firewall.

Unauthenticated users will now pass through the Sophos XG firewall instead of being held during the identity probe.

Hope this article helps you.