- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Benefits and Requirements of SSO
03/26/2020 
81 People found this article helpful
44,194 Views
Description
Benefits and Requirements of SSO
Resolution
Benefits of SonicWall SSO:
SonicWall SSO is a reliable and time-saving feature that utilizes a single login to provide access to multiple network resources based on administrator-configured group memberships and policy matching. SonicWall SSO is transparent to end users and requires minimal administrator configuration.
By automatically determining when users have logged in or out based on workstation IP address traffic, or, for Terminal Services or Citrix, traffic from a particular user at the server IP address, SonicWallSSO is secure and hands-free. SSO authentication is designed to operate with any external agent that can return the identity of a user at a workstation or Terminal Services/Citrix server IP address using a SonicWall ADConnector-compatible protocol.
SonicWall SSO works for any service on the SonicWall security appliances that uses user-level authentication, including Content Filtering Service (CFS), Firewall Access Rules, group membership and inheritance, and security services (Application Control, IPS, GAV and SPY) inclusion/exclusion lists.
Other benefits of SonicWall SSO include:
Ease of use Users only need to sign in once to gain automatic access to multiple resources.
Improved user experience Windows domain credentials can be used to authenticate a user for any traffic type without logging into the appliance using a Web browser.
Transparency to users Users are not required to re-enter user name and password for authentication.
Secure communication Shared key encryption for data transmission protection.
SonicWallSSO Agent can be installed on any Windows server on the LAN, and TSA can be installed on any terminal server.
Multiple SSO Agents Up to 8 agents are supported to provide capacity for large installations
Multiple TSAs Multiple terminal services agents (one per terminal server) are supported. The number depends on the SonicWallnetwork security appliance model and ranges from 4 to 256.
Login mechanism works with any protocol, not just HTTP.
Browser NTLM authentication SonicWallSSO can authenticate users sending HTTP traffic without using the SSO Agent.
Mac and Linux support With Samba 3.5 and higher, SonicWallSSO is supported for Mac and Linux users.
Per-zone enforcement SonicWallSSO can be triggered for traffic from any zone even when not automatically initiated by firewall access rules or security services policies, providing user identification in event logging or App Flow Monitoring.
Platforms and Supported Standards:
1) SonicWallSSO is available on SonicWall NSA Series appliances running SonicOS Enhanced 5.0 or higher. The SonicWall SSO Agent is compatible with all versions of SonicOS Enhanced that support SonicWall SSO. The SonicWall TSA is supported on SonicOS Enhanced 5.6 and higher, running on SonicWall NSA Series and TZ 210 Series appliances.
2) The SonicWall SSO feature supports LDAP and local database protocols. SonicWall SSO supports SonicWall Directory Connector. SonicWall SSO can also interwork with ADConnector in an installation that includes a SonicWall CSM, but Directory Connector is recommended. For all features of SonicWall SSO to work properly, SonicOS Enhanced 5.5 should be used with Directory Connector 3.1.7 or higher.
3) To use SonicWall SSO with Windows Terminal Services or Citrix, SonicOS Enhanced 5.6 or higher is required, and SonicWall TSA must be installed on the server.
4) To use SonicWall SSO with Browser NTLM authentication, SonicOS Enhanced 5.8 or higher is required. The SonicWall SSO Agent is not required for browser NTLM authentication.
5) SonicWall SSO on SonicOS Enhanced 5.5 and higher is compatible with SonicWall NDConnector for interoperability with Novell users. NDConnector is also available as part of Directory Connector.
6) Except when using only browser NTLM authentication, using SonicWall SSO requires that the SonicWall SSO Agent be installed on a server within your Windows domain that can reach clients and can be reached from the appliance, either directly or through a VPN path, and/or SonicWall TSA be installed on any terminal servers in the domain.
7) The SonicOS SSO feature is capable of working in Virtual Machine environments, but is not officially supported. This is due to the variety of potential resource consuming environments of VM deployments, making it not practicable to effectively test and verify all possible permutations.
Requirements for SSO Agent:
The following requirements must be met in order to run the SSO Agent:
UDP port 2258 (by default) must be open; the firewall uses UDP port 2258 by default to communicate with SonicWall SSO Agent; if a custom port is configured instead of 2258, then this requirement applies to the custom port
Windows Server, with latest service pack
.NET Framework 2.0
Net API or WMI
Related Articles
- DNS Resolution of Wildcard FQDN Address Objects
- All associated wildcard FQDN IP addresses do not display in the web browser
- How to Re-Install The Junk Store
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO