Home Forums Cybersecurity Sophos Firewall: Sophos Authentication for Thin Client (SATC) with Sophos Server

This topic contains 0 voices and has 0 replies.
0 voices
0 replies
  • Author
    Posts
  • August 13, 2023 at 10:42 pm #7847
    modivian
    Keymaster
    105 Points
    Prime Membership
    Write a Blog Post Prime Membership

    Overview

    Sophos Authentication for Thin client (SATC) with Sophos Server Protection enables Sophos Firewall to authenticate users accessing a server or remote desktop. SATC is included with Sophos Server Protection in Sophos Central. It’s part of Sophos Central Server Core Agent and is available with any Server Protection license in Sophos Central. Currently, SATC with Sophos Server Protection only supports Windows Remote Desktop Services. You must download the Windows Server installer from Sophos Central. The installers that you can download would depend on the licenses you have.

    Sophos Firewall controls those authenticated users using a session-based approach via an identity-based firewall rule providing more granular access controls per user group.

    What To Do

    Follow the steps below to set up new SATC client integration with Sophos Server Protection:

    1. In Sophos Central, select your username on the top right side and then select Early Access Program. Find “New Server Protection Features” in the Early Access Program and select join.

    2. Once you have gone through the join process, there will be a join device option in the bottom right corner. Select this and add the terminal server. 
    3. Add the eligible devices:
    4. Once this is done, it may take some time to apply to the terminal server. When writing this article, the versions shown in the screenshot below are the latest versions supporting SATC.

       

    5. You can validate by checking the SophosNetFilter.exe service running from the task manager > Details:


    6. Turn off tamper protection for server protection. Note the current settings before you turn off tamper protection, as you need to change these back once SATC is activated. 
    7. Ensure IPS is turned on in the server’s threat protection policy. This setting is on by default. For more information, refer the screenshot below:
      Path On Sophos Central: Server Protection > Policies > Threat Protection > Settings > Server Protection default settings > Runtime Protection.

       

    8. Set up SATC with Sophos Server Protection. 
    9. On the server, open a command-line console/Power Shell. Add new parameter Satc PendDuration Ms in SATC, run the following command to turn on SatcPendDurationMs parameter
      command: – reg add “HKLM\Software\Sophos\Sophos Network Threat Protection\Application” /v SatcPendDurationMs /t REG_DWORD /d 300

       

    10. Please ensure to reboot the Terminal Server once changes are applied. 
    11. Lastly, check the windows registry to confirm the changes under: HKLM\Software\Sophos\Sophos Network Threat Protection\Application

    If you face any issues or need further assistance with this, kindly reach out to our Support team

  • Author
    Posts

You must be logged in to reply to this topic.