STAS
Sophos Transparent Authentication Suite (STAS) enables users on a Windows domain to sign in to XG Firewall automatically when signing in to Windows. This eliminates the need for multiple sign-ins and for SSO clients on each client device.
STAS consists of an agent and a collector. The agent monitors user authentication requests and sends information to the collector for authentication. The collector collects the user authentication requests from the agent, processes the requests, and then sends them to the firewall for authentication.
To download STAS, go to .
Sophos Transparent Authentication Suite settings
To configure XG Firewall to be used in a STAS deployment, click the Enable Sophos Transparent Authentication Suite On/Off switch and then click Activate STAS.
- STAS quarantine
- For incoming traffic, XG Firewall sends a request
to the STAS agent to check for a user and destination IP address match. If the agent
doesn't find a match, XG Firewall drops the traffic.
- Identity probe time-out
- Time XG Firewall waits for a response from the agent before it drops the traffic.
- Restrict client traffic during identity probe
-
Yes (default): Holds up traffic until the user and destination IP address match is found.
- Enable user inactivity
- Turn on to take action when users are inactive.
- Inactivity timer
-
Signs out users after the specified period (in minutes) of inactivity. Users are considered inactive if they don’t transfer the specified volume of data during this period.
- Data transfer threshold
- Minimum data (in bytes) that users must transfer during the specified period to be considered active.
Collector
The collector collects the user authentication requests from the agent, processes the requests, and then sends them to the firewall for authentication.
To add a collector, click Add new collector.