Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=STAS

STAS

Sophos Transparent Authentication Suite (STAS) enables users on a Windows domain to automatically sign in to Sophos Firewall when signing in to Windows. STAS eliminates the need for multiple sign-ins and SSO clients on each client device.

STAS consists of an agent and a collector. The agent monitors user authentication requests and sends information to the collector for authentication. The collector collects the user authentication requests from the agent, processes the requests, and sends them to the firewall for authentication.

Note

Only the agent must run on the domain controller. You can install the collector on any other device. The collector generates a high volume of traffic. So, we don't recommend you install the collector on the domain controller.

To download STAS, go to Authentication > Client downloads.

Note

STAS doesn't support LDAP over SSL/TLS connections for eDirectory.

Sophos Transparent Authentication Suite settings

To configure Sophos Firewall in a STAS deployment, turn Enable Sophos Transparent Authentication Suite on and click Activate STAS.

STAS quarantine: For incoming traffic, Sophos Firewall sends a request to the STAS agent to check for a user and destination IP address match. Sophos Firewall drops the traffic if the agent doesn't find a match.

Identity probe time-out: Time Sophos Firewall waits for a response from the agent before it drops the traffic.

Default: 120 seconds

Restrict client traffic during identity probe: - Yes (default): Holds up traffic until the user and destination IP address match is found. - No: Continues to send traffic to the destination IP address during the identity probe.

Enable user inactivity: Turn on to take action when users are inactive.

Inactivity timer: Signs out users after the specified period (in minutes) of inactivity. Users are considered inactive if they don’t transfer the specified volume of data during this period.

Data transfer threshold: Minimum data (in bytes) that users must transfer during the specified period to be considered active.

Collector

The collector collects the user authentication requests from the agent, processes the requests, and sends them to the firewall for authentication.

To add a collector, click Add new collector.

More resources