• Status: Solved

Dell SonicWALL NSA 2600

I have a Dell SonicWALL 2600 and I am trying to set up what users can / can't access.

Under users / groups I have enabled and set up SSO, LDAP and RADIUS, and users seem to be authenticating to the firewall now.

I have 2 groups in AD that I have created called SW_Admins and SW_users. I am in the admins group and a normal user is in the users group. The groups are being mirrored on the SonicWALL.

Looking at the groups on the firewall, I can't see any users, however. How can I get users in these AD groups to show in the mirrored groups? As I want to be able to add / delete people in AD to change their rights.
CaptainGiblets
Asked:
 
Aaron Tomosky (SD-WAN Simplified) Commented:
You don't see the people in the sonicwall, just the groups. The groups mirror and you set rules based on group.

CaptainGiblets (Author) Commented:
So as long as they are a member of the group in AD and the groups mirror, it will work on a per-user basis?

Blue Street Tech (Last Knight) Commented:
Hi CaptainGiblets,

The SonicWALL SSO Agent only communicates with clients and the SonicWALL security appliance. Clients will respond with their respective Client IDs and the SonicWALL security appliance will then check with the LDAP server to determine group membership and permissions.

So yes, it syncs with AD so management of the users is still in AD!

P.S. SonicOS version 5.9.0.3 was just released and includes LDAP Group Membership by Organizational Unit too.

Let me know if you have any other questions!
 
CaptainGiblets (Author) Commented:
I do have another question to do with content filtering; if you want me to open another question for that though, let me know.

Basically I want to have a setup where pretty much most things are banned apart from a couple of categories; however, I would like to relax this even further during lunch hours 12:30-2:30. Is there an easy way to do this? From the videos I am watching on YouTube it seems like you can only apply 1 content filter to each zone and that is it.

Edit - Upon further investigation it seems that I could add the URLs that I needed into an address group by creating individual address objects for each site that I want to restrict access to and then block these at any time and by user; however, it's quite a long task to try and keep all sites blocked at the appropriate time. Is there any easier way to do it?

Blue Street Tech (Last Knight) Commented:
Yes, I'd be happy to answer that for you but it should be handled in a new question. Questions should be kept to one main issue in order to be most effective for other users that have similar issues in the future. Close this question by selecting an answer if you are all set with SSO and post a link to your new question here and I'll hop over and address it there!

CaptainGiblets (Author) Commented:
Ok, I shall create another question regarding that, but while I have been looking at this my SSO seems to have broken.

I am not able to authenticate users using SSO anymore and I am getting these 2 event logs when restarting the Dell SSO agent on my server:

Error in Send Reset Cache Request (SendResetCacheRequest) - Source:System Message:An invalid IP address was specified.

I can't see anything on the appliance but the SonicWALL logs are being flooded with this - HTTPS Handshake: SSL Handshake failure with error 193

Any ideas? Nothing has changed since Friday when it was working.

Blue Street Tech (Last Knight) Commented:
"SSL Handshake failure with error 193"
This typically occurs when connecting to UTM SSL-VPN using SonicWALL Mobile Connect from a Windows 8.1 PC. The connection fails with Windows error code 2250 (may or may not notify you in Windows).

This error occurs when the SonicWALL UTM appliance has been configured to use only RC4 Ciphers when accepting SSL connections. The option "Enable RC4-Only Cipher Suite Support" is under Encryption Settings of diag page. Disabling this option will restart the appliance immediately. Moreover, this option must remain checked to pass PCI compliance. Instead of disabling this option, follow these steps to change the cipher settings of SSL VPN:

1. Login to the SonicWALL management GUI.
2. Navigate to the SSL VPN > Server settings page.
3. Enable check box Enable Server Cipher Preference (if it isn't already.)
4. From the drop-down under Cipher Methods, select either 3DES_SHA1 or AES256_SHA1.
5. Click on Accept to save the change.
Note: Changing the server settings will reset all active NetExtender connections.

Blue Street Tech (Last Knight) Commented:
My pleasure! Hopping over there now!
Question has a verified solution.
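
Added example, not part of the original thread or any SonicWALL code: a small model of the cipher-suite selection behind the error 193 answer above, showing why an RC4-only server and a client that offers no RC4 have nothing to agree on, and what "Enable Server Cipher Preference" changes. The mapping of the thread's 3DES_SHA1 and AES256_SHA1 labels to TLS suite names and both client offer lists are assumptions constructed for illustration.

```python
import ssl

# Assumed mapping from the labels used in the thread to TLS cipher suites.
RC4_SHA = "TLS_RSA_WITH_RC4_128_SHA"
DES3_SHA1 = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"    # thread label: 3DES_SHA1
AES256_SHA1 = "TLS_RSA_WITH_AES_256_CBC_SHA"   # thread label: AES256_SHA1


def negotiate(client_offer, server_allowed, server_preference=True):
    """Return the suite a TLS server would select, or None.

    The server may only choose a suite the client offered. None models the
    handshake_failure alert sent when the two lists do not overlap.
    """
    if server_preference:
        ordered, other = server_allowed, set(client_offer)
    else:
        ordered, other = client_offer, set(server_allowed)
    for suite in ordered:
        if suite in other:
            return suite
    return None


def local_client_offers_rc4():
    """Check whether this Python/OpenSSL build would offer any RC4 suite."""
    names = [c["name"] for c in ssl.create_default_context().get_ciphers()]
    return any("RC4" in name for name in names)


# Constructed offer: a client that no longer lists RC4.
MODERN_CLIENT = [AES256_SHA1, DES3_SHA1]
# Constructed offer: an older client that still lists RC4 last.
LEGACY_CLIENT = [AES256_SHA1, DES3_SHA1, RC4_SHA]

if __name__ == "__main__":
    both = [DES3_SHA1, AES256_SHA1]  # server list with 3DES ranked first
    cases = {
        "RC4-only server, modern client": negotiate(MODERN_CLIENT, [RC4_SHA]),
        "RC4-only server, legacy client": negotiate(LEGACY_CLIENT, [RC4_SHA]),
        "AES256_SHA1 server, modern client": negotiate(MODERN_CLIENT, [AES256_SHA1]),
        "3DES first, server preference on": negotiate(MODERN_CLIENT, both),
        "3DES first, server preference off": negotiate(MODERN_CLIENT, both, False),
    }
    for label, result in cases.items():
        print(f"{label}: {result or 'handshake failure'}")
    print("local client offers RC4:", local_client_offers_rc4())
```

With server preference on, the order of the appliance's own list decides the outcome, so a weaker suite ranked first is selected even when the client prefers a stronger one.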