Solved

dell sonicwall nsa 2600

Posted on 2014-01-17
8
3,534 Views
Last Modified: 2016-11-23
I have a dell sonicwall 2600 and i am trying to set up what users can / cant access.

Under users / groups i have enabled and set up SSO, LDAP and Radius and users seem to be authenticating to the firewall now.

I have 2 groups in AD that i have created called SW_Admins and SW_users  I am in the admins group and a normal user is in the users group. The groups are being mirrored on the sonicwall.

Looking at the groups on the firewall i cant see any users however? How can i get users in these AD groups to show in the mirrored groups? As i want to be able to add / delete people in ad to change their rights.
0
Comment
Question by:CaptainGiblets
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39790277
You don't see the people in the sonicwall, just the groups. The groups mirror and you set rules based on group.
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 39790402
so as long as they are a member of the group in AD and the groups mirror it will work on a per user basis?
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39790548
Hi CaptainGiblets,

The SonicWALL SSO Agent only communicates with clients and the SonicWALL security appliance. Clients will respond with their respective Client IDs and the SonicWALL security appliance will then check with the LDAP server to determine group membership and permissions.

So yes, it syncs with AD so management of the users is still in AD!

P.S. SonicOS version 5.9.0.3 was just released and includes LDAP Group Membership by
Organizational Unit too.

Let me know if you have any other questions!
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 6

Author Comment

by:CaptainGiblets
ID: 39793676
I do have another question to do with content filtering, if you want me to open another question for that though let me know.

Basically I want to have a set up where pretty much most things are banned apart from a couple of categories, however I would like to relax this even further during lunch hours 12:30-2:30. Is there an easy way to do this? From the videos I am watching on youtube it seems like you can only apply 1 Content filter to each zone and that is it.

Edit - Upon further investigation it seems that I could add the URL's that I needed into an address group by creating individual address objects for each site that I want to restrict access to and then block these at any time and by user however its quite a long task to try and keep all sites blocked at the appropriate time. Is there any easier way to do it?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39793802
Yes, I'd be happy yo answer that for you but it should be handled in new question. Questions should be kept to one main issue in order to be most effective for others users that have similar issues in the future. Close this question by selecting an answer if you are all set with SSO and post a link to your new question here and I'll hop over and address it there!
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 39793859
Ok I shall create another question regarding that but while I have been looking at this my SSO seems to have broken.

I am not able to authenticate users using SSO anymore and I am getting these 2 event logs when restarting the dell SSO agent on my server

Error in Send Reset Cache Request (SendResetCacheRequest) - Source:System Message:An invalid IP address was specified.

I cant see anything on the appliance but the sonicwall logs are being flooded with this - HTTPS Handshake: SSL Handshake failure with error 193

Any ideas? Nothing has changed since Friday when it was working.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39795669
SSL Handshake failure with error 193
this typically occurs when connecting to UTM SSL-VPN using SonicWALL Mobile Connect from a Windows 8.1 PC. The connection fails with Windows error code 2250 (may or may not notify you in Windows).

This error occurs when the SonicWALL UTM appliance has been configured to use only RC4 Ciphers when accepting SSL connections. The option "Enable RC4-Only Cipher Suite Support" is under Encryption Settings of diag page. Disabling this option will restart the appliance immediately. Moreover, this option must remain checked to pass PCI compliance. Instead of disabling this option, follow these steps to change the cipher settings of SSL VPN:

1. Login to the SonicWALL management GUI.
2. Navigate to the SSL VPN > Server settings page.
3. Enable check box Enable Server Cipher Preference (if it isn't already.)
4. From the drop-down under Cipher Methods, select either 3DES_SHA1 or AES256_SHA1.
5. Click on Accept to save the change.
Note: Changing the server settings will reset all active NetExtender connections.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39796338
My pleasure! Hoping over there now!
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question