Forum-Navigation
Bitte Anmelden, um Beiträge und Themen zu erstellen.
STAS (Sophos Transparent Authentication Suite) logon types
#1 · 26. März 2025, 9:07
https://support.sophos.com/support/s/article/KBA-000006347?language=en_US
Overview
This article describes the Sophos Transparent Authentication Suite (STAS) logon types.
Product and Environment
- Sophos Firewall - All supported versions
- Sophos UTM 9
Information
The logon types are seen in Advanced > Show Live Users tab of the STAS client.
| Type | Description |
| 0 | Can be considered as type 2 login in case of EDIR configuration. |
| 1 | The users have logged in via the device's polling method, which means the users have logged in when Sophos Firewall sends polling requests to the collector. The collector would check its local user map and update the user information to Sophos Firewall. |
| 2 | The users have logged in via Active Directory (AD) authentication, which means the STAS agent forwards the users' information based on the event ID generated by the AD. The STAS agent monitors the event ID 672 for Windows 2003 server and 4768 for Windows 2008 and later versions. |
| 3 | The STAS agent runs on a member server and not on the Domain Controller, then the logon type is 3 instead of 2. This type comes with STAS 2.5 and later. |
| 10 | Like type 2 (interactive), the user connects the device from a remote device via Remote Desktop Protocol (RDP) using Remote Desktop, Terminal Services, or Remote Assistance. |
Note: We do not support RDP logins with STAS.