STAS

Sophos Transparent Authentication Suite (STAS) enables users on a Windows domain to sign in to XG Firewall automatically when signing in to Windows. This eliminates the need for multiple sign-ins and for SSO clients on each client device.

STAS consists of an agent and a collector. The agent monitors user authentication requests and sends information to the collector for authentication. The collector collects the user authentication requests from the agent, processes the requests, and then sends them to the firewall for authentication.

Note: Only the agent must run on the domain controller. The collector can be installed on any other machine. Installing the collector on the domain controller may not be advisable due to the volume of traffic that it generates.

To download STAS, go to Authentication > Client downloads.

Sophos Transparent Authentication Suite settings

To configure XG Firewall to be used in a STAS deployment, click the On/Off switch of Enable Sophos Transparent Authentication Suite and then click Activate STAS.

STAS quarantine
For incoming traffic, XG Firewall sends a request to the STAS agent to check for a user and destination IP address match. If the agent doesn't find a match, XG Firewall drops the traffic.

Identity probe time-out
Time XG Firewall waits for a response from the agent before it drops the traffic.
Default: 120 seconds

Restrict client traffic during identity probe
Yes (default): Holds up traffic until the user and destination IP address match is found.
No: Continues to send traffic to the destination IP address during the identity probe.

Enable user inactivity
Turn on to take action when users are inactive.

Inactivity timer
Signs out users after the specified period (in minutes) of inactivity. Users are considered inactive if they don’t transfer the specified volume of data during this period.

Data transfer threshold
Minimum data (in bytes) that users must transfer during the specified period to be considered active.

Collector

The collector collects the user authentication requests from the agent, processes the requests, and then sends them to the firewall for authentication.

To add a collector, click Add new collector.