Sonicwall Services - Domain password change
Dear Sonicwall Expert,
Our company is using Sonicwall NSA3500 UTM. more services are running on it. VPN, Global VPN, Intrusion prevention, App Control, CFS and so on. There are few VPN connection are configured and running well. There are few customised CFS configured and user group configured imported from LDAP server. DMZ is configured also for Spam filter for exchange 2010.
Now, our new System Administrator wants to change the administrator password of our Domain. I know that there are things to be consider before changing the Domain password. Specially we have several servers running in our environment. And frankly, I am new to sonicwall firewalls. I didn't touch much of the settings since it was configured fine by ex IT Admin.
My concern is, when domain administrator password is change, does it affect the firewall services? What services will be affected? And which part from the sonicwall UI should I go and make a changes?
Our company is using Sonicwall NSA3500 UTM. more services are running on it. VPN, Global VPN, Intrusion prevention, App Control, CFS and so on. There are few VPN connection are configured and running well. There are few customised CFS configured and user group configured imported from LDAP server. DMZ is configured also for Spam filter for exchange 2010.
Now, our new System Administrator wants to change the administrator password of our Domain. I know that there are things to be consider before changing the Domain password. Specially we have several servers running in our environment. And frankly, I am new to sonicwall firewalls. I didn't touch much of the settings since it was configured fine by ex IT Admin.
My concern is, when domain administrator password is change, does it affect the firewall services? What services will be affected? And which part from the sonicwall UI should I go and make a changes?
ASKER
thank you Sinocide for the quick response, but forgive me, I don't have idea where I can find that SSO to change?
ASKER
Hi sinocide, i've checked on the sonicwall and we're not using SSO. what i saw on the settings is "Authentication method for login: LDAP + Local Users".
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also just to be sure, you will also have to login to your LDAP server and check if you have a SonicWall agent running. Kindly go to the start menu-->run and type in Services.msc then locate the Sonic Wall Agent service. Double click on it and go to the "Log On" tab.
If the "Local System Account" Button is selected than just ensure that the service is started and running.
If the "This Account" is selected enter your new Administrator password there.
Best Regards
If the "Local System Account" Button is selected than just ensure that the service is started and running.
If the "This Account" is selected enter your new Administrator password there.
Best Regards
ASKER
Thank you so much for the help. Now I know where to go when password changed. Once again, thank you SiNoCide! Thanks to experts exchange. More Power!
It seems that you have SSO(sing sign-on) configured on the SonicWall. If that is the case there will be Active Directory administrator login credentials configured on the Sonic Wall so that it will be able to correlate IP's with the Domain Users from the agent. There will also be a SonicWall agent on your active directory. The password will have to be changed otherwise the Sonicwall will fail to lookup the Domain Users from your AD.
Once that happens all application control policies and policies related to your i.e <domain>\domain users will also not work/
As for the VPNs they only have Phase 1 and Phase 2 preshared keys that has nothing to do with your domains passwords.
Your Spam filter is configured by having a NAT and directing all SMTP to your Mail Gateway or by having an Anti-Spam policy configured so that will also not be affected.
As long as you change the password for SSO on the sonic wall/agent and ensure that you have connectivity to your AD server you should be okay. (You can verify connectivity from the Sonicwall Web GUI as well).
Best Regards
Sinan Barghouthi
Network Security Engineer
JNCIA-FWV, JNCIA-IDP, CCA-NS, TCSM-DS8.0