Solved

Sonicwall - avoid extra logon to get to Internet

Posted on 2016-09-30
11
42 Views
Last Modified: 2016-10-04
I had this question after viewing SonicWall TZ215 Per User Content Filtering.

The Expert wrote:  "In order for the SonicWALL to differentiate between users, log in must be forced at the SonicWALL so that when users initially try to access the internet, they are redirected to a log in screen. "

What interface will they get? How is it setup?  Is there any way to get around this as a lot of users are going to be irritated by having to 'log on' to the Internet especially if they never did before.  

I have various series of Sonicwall.
0
Comment
Question by:lineonecorp
  • 5
  • 4
  • 2
11 Comments
 

Author Comment

by:lineonecorp
ID: 41824302
Additional consideration. I don't necessarily want to block anything by user. I just want to track which Web sites which users go to.  I don't want to set content filtering by users. Users can go anywhere - I just want to know where they go.
0
 
LVL 6

Expert Comment

by:No More
ID: 41824309
I think the logging is based on IP addresses and not on users, what I would remember
0
 
LVL 6

Expert Comment

by:No More
ID: 41824310
0
 
LVL 6

Expert Comment

by:J Spoor
ID: 41824379
You can either have users login to the SonicWALL so that it can match an IP address to a user. Then logging IS based on users.

OR

You can use the SSO agent (one or more centrally installed) to do this automatically when they login to AD.

check the LiveDemo boxes, all those users are logged in via SSO

see http://livedemo.sonicwall.com or http://ngfw-demo.com
0
 

Author Comment

by:lineonecorp
ID: 41824471
David Fiala:

Thanks for the links but they don't show the user experience.


JSpoor:

http://ngfw-demo.com/ - saw something about Appflow - we don't have it - I think it is a paid add-on

I don't care how it's done whether it's SSO or any other means if it's a one-time thing. In other words I do something once - stick the AD user into the Sonicwall database - or the user does something once - like they would when accepting a certificate for the first time.  I don't want them to forever be having to 'log on' to the Internet. Does any approach do this? I will further refine my criteria - I could live without knowing who is going to what Web site completely. So for instance if I could drag the AD group everyone into the Sonicwall user database and from then on whenever someone goes to the Internet I get a log of what site was gone to and when - metadata, no user information - that would be good enough. IP's are not enough - I would have to translated to URL's and I have not had much luck finding a product that would do that.  If  either of you have a suggestion for that type of product/service I would be interested in knowing about it.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 6

Expert Comment

by:J Spoor
ID: 41824562
you have an Active Directory? If so there are KBs and how to vids on how to deploy SSO.
0
 

Author Comment

by:lineonecorp
ID: 41825038
I have AD.  Do you and if you do and you have SSO tell me what the user experience is going on the internet?  I am not interested in any solution that is different for the user than now - click on browser on their desktop, voila, they can go wherever they want. No login.  And again I don't need to know who is going where when - just need to know what Web sites are being visited collectively.  If  you know something else that would do this easier I would go for it.
J
0
 
LVL 6

Expert Comment

by:J Spoor
ID: 41825142
user experience is he logs on to his machine in the morning, and surfs out to the web. No user prompt on the SonicWALL as he's automatically logged in,

I you have analyzer, the SonicWALL will send all data for urls to there. You do need an active Content Filter license though
1
 

Author Comment

by:lineonecorp
ID: 41825811
Thanks.  When you say he's automatically logged in does he not have to log into the domain with credentials?  Or are you referrring to the fact that once the user has logged into AD they have also auomatically been logged into the Sonicwall via SSO? So you have SSO installed at your site and you have imported your AD into the Sonicwall and hence your user is in the Sonicwall user database?  

If that is correct what if I imported only the Everyone group into the Sonicwall - would it provide the same result? Somehow have Everyone as part of SSO?

I have Content Filtering but not Analyzer.   Is Analyzer a paid add-on? If so, is there no way I can find the urls the users visit without it?
0
 
LVL 6

Accepted Solution

by:
J Spoor earned 500 total points
ID: 41825975
Once the user is logged into AD, he no longer has to loginto the SonicWALL. SSO takes care of that.

You don't need to import anything, just connect the SonicWALL to LDAP with a system account.

Install SSO. Configure everything correctly per guides. And it works.

All the users you see in any reports either on board or offboard on livedemo.sonicwall.com are authenticated via SSO.

Analyzer is a one time fee.

You can use a 3rd party syslog collector as well, but analyzer has buil tin graphical reports to provide what you need.
0
 

Author Closing Comment

by:lineonecorp
ID: 41829178
Thanks for the info. It is what I needed.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now