?
Solved

Sonicwall NSA 3500 - Occasional Users end up in “Default” CFS group

Posted on 2012-03-13
12
Medium Priority
?
868 Views
Last Modified: 2012-03-13
At our school we have 3 separate filtering lists. Pupils, Staff and Default. The CFS group they end up in should be defined by their AD security group (So if they are staff, they get the less restricted Staff list).

On occasions a member of staff seems to end up getting the very restricted ‘Default’ group. Logging off/on does not help.

What might be causing this problem?
0
Comment
Question by:stalbansschool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37713972
check your NSA-3500 firmware, you can also verify your doamin computers.
in my experience if you use Win xp computer with win 2008 DC on network sometimes this problem occurs.... may i know what OS you are facing this problem?

also please recheck your settings;;; http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7782

i would like to know below;

Your DC OS
How many subnets you have?
Problemetic desktop's OS
do you use any CA?
0
 

Author Comment

by:stalbansschool
ID: 37713996
We are using Windows 7 on all of our clients

We have 3 x Server 2008 R2 DC's

Firmware version is:  SonicOS Enhanced 5.8.0.3-40o

I am not sure what 'CA' is an abbreviation for?
0
 

Author Comment

by:stalbansschool
ID: 37714040
It looks like we can certainly start by looking at updating the firmware (I have just downloaded an updated version 5.8.1.5.

I have not done this before, how long is the device likley to be offline for?
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37714042
180 Seconds only....

latest should be...SonicOS Enhanced 5.8.1.0-30o
0
 

Author Comment

by:stalbansschool
ID: 37714051
Is this likley to cause the problem?
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37714068
Actually NO, but its better to have latest firmware. This may resolve this issue.
Above mention issue could be trust issue, and this type of behaviour is unexpected. plz try to make sure you have configured the Custom CFS as per the above mention link.
0
 

Author Comment

by:stalbansschool
ID: 37714091
Ok, I will read through the link that you posted.  However, we use SSO and I notice that the guide you posted is for when you dont use SSO
0
 

Author Comment

by:stalbansschool
ID: 37714123
I have noticed that in Users >> Settings

The Authentication Method we are using is "RADIUS + Local USers"

and as mentioned above, we are using the Single Sign-on mehtod "SonicWALL SSO Agent"

Everything else seems to be setup correctly
0
 
LVL 16

Accepted Solution

by:
Syed_M_Usman earned 2000 total points
ID: 37714134
That could be a issue,,, try as per the guide line...

one more thing dont change anything in live network, the setup recomended only after workinh hours  +   take your setting backup and save on your laptop/desktop... so you can go back....
0
 

Author Comment

by:stalbansschool
ID: 37714210
Why wouldnt we want to use RADIUS?
0
 

Author Closing Comment

by:stalbansschool
ID: 37715226
excellent comment, expert was exactly correct, this was caused by me not having LDAP + Local selected
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37715808
Thank you for nice Comments :)
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question