Solved

sonicwall tz200 vpn passthrough authentication

Posted on 2010-08-22
Last Modified: 2012-06-22
I am wondering if anyone can direct me to some good instructions on setting up the sonicwall vpn on a tz200 with sonic os enhanced and the sonicwall vpn client to allow for passthrough authentication to a Windows SBS 2003 standard server.
Question by:linknetworks
LVL 8

Expert Comment

by:jimmyray7
ID: 33497026
0
 
LVL 33

Expert Comment

by:digitap
ID: 33497591
Are you talking about pre-authorization before login or Single Sign-On?
0
 

Author Comment

by:linknetworks
ID: 33497838
I am not that familiar with VPNs so I am not sure what pre-authorization is, but I want whatever is easiest for the end user. Basically I want the user to be able to access the network with minimal input and everything appears the same as when they are logged in at the office. For instance, they run the vpn client and enter the same username and password as they do when in the office and away they go. Hope that makes sense.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33497982
OK...what I mean by pre-auth is that the GVC authenticates before you login so the laptop has access to the domain.  With the extra information you provided above, I understand your goal.

You can configure the global VPN client to authenticate users via LDAP, RADIUS and the local sonicwall database.  If you want the username and password to be what they use to login to the domain, then you'll want to use LDAP or RADIUS.

LDAP is touch and go for me.  With 2008 R2, I haven't been able to get it to work.  I fall back to RADIUS.  I have two links below for configuring both.  Let me know if you have any questions.

RADIUS: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6591

LDAP: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7806
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 33497992
A bit more information:

A VPN (virtual private network) will allow a remote user to make a secure connection from a remote location (home, hotel, etc.) back to the office.  The GroupVPN SA needs to be configured to allow this connectivity.  The two links can take you through a partial configuration.  The link below can walk you through configuring this.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507
0
 

Author Comment

by:linknetworks
ID: 33615000
thanks digitap, I was tied up with a server upgrade and haven't had a chance to give this a go. I will let you know how I make out.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33615005
no worries.
0
 

Author Comment

by:linknetworks
ID: 33623923
I set everything up as per your last link. Ran the sonicwall Global VPN Client and connected fine. I was asked for a username and password when first connecting that was the sonicwall local user account. I was then asked for my domain credentials when I attempted to map a network drive. Is there any way to eliminate the dual logon prompts?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33638752
Is this computer on the domain?  If the computer was a domain member, then it should pass the credentials used to log in to the device and you wouldn't need to authenticate when mapping the drive.

Configuring the GVC to authenticate a user to the domain will allow a user to only have one set of credentials.  This should make it easier for them.  There are ways we can automate the login process, but this creates a security risk.  Requiring the user to auth via the GVC means no one can access your network externally without the proper credentials from that device.  Hope that part makes sense.
0
 

Author Comment

by:linknetworks
ID: 33668808
Thanks digitap, all works great. The computer I tested on was not part of the domain hence the double authentication. The domain workstations worked great, single authentication.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33668922
Glad it worked out!  Thanks for the points!
0

Question has a verified solution.
