dell sonicwall nsa 2600

Posted on 2014-01-17
Medium Priority
Last Modified: 2016-11-23
I have a Dell SonicWALL 2600 and I am trying to set up what users can / can't access.

Under users / groups I have enabled and set up SSO, LDAP and RADIUS and users seem to be authenticating to the firewall now.

I have 2 groups in AD that I have created called SW_Admins and SW_users. I am in the admins group and a normal user is in the users group. The groups are being mirrored on the SonicWALL.

Looking at the groups on the firewall I can't see any users, however. How can I get users in these AD groups to show in the mirrored groups? I want to be able to add / delete people in AD to change their rights.
Question by:CaptainGiblets
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39790277
You don't see the people in the sonicwall, just the groups. The groups mirror and you set rules based on group.

Author Comment

ID: 39790402
So as long as they are a member of the group in AD and the groups mirror, it will work on a per-user basis?
LVL 26

Accepted Solution

Blue Street Tech earned 2000 total points
ID: 39790548
Hi CaptainGiblets,

The SonicWALL SSO Agent only communicates with clients and the SonicWALL security appliance. Clients will respond with their respective Client IDs and the SonicWALL security appliance will then check with the LDAP server to determine group membership and permissions.

So yes, it syncs with AD so management of the users is still in AD!

P.S. SonicOS version was just released and includes LDAP Group Membership by Organizational Unit too.

Let me know if you have any other questions!
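A simplified model of the lookup described in the answer above, added here as an illustration; it is not part of the original answer and not SonicWALL code. The policy names, IP addresses, user names, DNs and the first-match rule are assumptions. It shows why the mirrored groups carry no member list: membership is read from the directory when a user is identified, so an AD change alone alters the result.

```python
import re

# Mirrored groups on the firewall: name-only objects mapped to a policy.
# They hold no member list. Policy names are hypothetical.
MIRRORED_GROUPS = {"sw_admins": "admin-policy", "sw_users": "restricted-policy"}
DEFAULT_POLICY = "default-policy"

# Constructed stand-in for AD: user -> memberOf DNs (sample data).
DIRECTORY = {
    "captain": ["CN=SW_Admins,OU=Groups,DC=example,DC=local"],
    "normaluser": ["CN=SW_users,OU=Groups,DC=example,DC=local",
                   "CN=Sales\\, EMEA,OU=Groups,DC=example,DC=local"],
    "guest": [],
}

# Constructed stand-in for what the SSO agent reports: client IP -> user.
SSO_SESSIONS = {"10.0.0.21": "captain", "10.0.0.34": "normaluser",
                "10.0.0.50": "guest"}

def group_cn(dn):
    """Return the leading CN of a DN, honouring backslash-escaped commas."""
    m = re.match(r"(?i)CN=((?:\\.|[^,\\])+)", dn)
    return re.sub(r"\\(.)", r"\1", m.group(1)) if m else None

def groups_for_user(user):
    """Directory lookup done at identification time (the LDAP query step)."""
    return {cn.lower() for dn in DIRECTORY.get(user, []) if (cn := group_cn(dn))}

def policy_for_ip(ip):
    """Identify the user behind an IP, read their groups, pick a policy."""
    user = SSO_SESSIONS.get(ip)
    if user is None:
        return None, DEFAULT_POLICY  # unidentified client (assumed behaviour)
    member_of = groups_for_user(user)
    for group, policy in MIRRORED_GROUPS.items():  # first match wins (assumption)
        if group in member_of:
            return user, policy
    return user, DEFAULT_POLICY

def move_user(user, old_dn, new_dn):
    """Simulate an AD-side group change; nothing on the firewall is edited."""
    DIRECTORY[user] = [new_dn if d == old_dn else d for d in DIRECTORY[user]]

if __name__ == "__main__":
    for ip in SSO_SESSIONS:
        print(ip, policy_for_ip(ip))
```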

Author Comment

ID: 39793676
I do have another question to do with content filtering, if you want me to open another question for that though let me know.

Basically I want to have a set up where pretty much most things are banned apart from a couple of categories, however I would like to relax this even further during lunch hours 12:30-2:30. Is there an easy way to do this? From the videos I am watching on YouTube it seems like you can only apply 1 Content filter to each zone and that is it.

Edit - Upon further investigation it seems that I could add the URLs that I needed into an address group by creating individual address objects for each site that I want to restrict access to and then block these at any time and by user, however it's quite a long task to try and keep all sites blocked at the appropriate time. Is there any easier way to do it?
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39793802
Yes, I'd be happy to answer that for you but it should be handled in a new question. Questions should be kept to one main issue in order to be most effective for other users that have similar issues in the future. Close this question by selecting an answer if you are all set with SSO and post a link to your new question here and I'll hop over and address it there!

Author Comment

ID: 39793859
Ok I shall create another question regarding that but while I have been looking at this my SSO seems to have broken.

I am not able to authenticate users using SSO anymore and I am getting these 2 event logs when restarting the Dell SSO agent on my server

Error in Send Reset Cache Request (SendResetCacheRequest) - Source:System Message:An invalid IP address was specified.

I can't see anything on the appliance but the SonicWALL logs are being flooded with this - HTTPS Handshake: SSL Handshake failure with error 193

Any ideas? Nothing has changed since Friday when it was working.
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39795669
SSL Handshake failure with error 193
This typically occurs when connecting to UTM SSL-VPN using SonicWALL Mobile Connect from a Windows 8.1 PC. The connection fails with Windows error code 2250 (may or may not notify you in Windows).

This error occurs when the SonicWALL UTM appliance has been configured to use only RC4 Ciphers when accepting SSL connections. The option "Enable RC4-Only Cipher Suite Support" is under Encryption Settings of diag page. Disabling this option will restart the appliance immediately. Moreover, this option must remain checked to pass PCI compliance. Instead of disabling this option, follow these steps to change the cipher settings of SSL VPN:

1. Log in to the SonicWALL management GUI.
2. Navigate to the SSL VPN > Server settings page.
3. Enable the check box Enable Server Cipher Preference (if it isn't already).
4. From the drop-down under Cipher Methods, select either 3DES_SHA1 or AES256_SHA1.
5. Click on Accept to save the change.
Note: Changing the server settings will reset all active NetExtender connections.
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39796338
My pleasure! Hopping over there now!


Question has a verified solution.
