Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Benefits and Requirements of SSO

03/26/2020 89 People found this article helpful 198,179 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Benefits and Requirements of SSO

    Resolution

     

    Benefits of SonicWall SSO:

    SonicWall SSO is a reliable and time-saving feature that utilizes a single login to provide access to multiple network resources based on administrator-configured group memberships and policy matching.
    SonicWall SSO is transparent to end users and requires minimal administrator configuration.

    By automatically determining when users have logged in or out based on workstation IP address traffic, or, for Terminal Services or Citrix, traffic from a particular user at the server IP address,
    SonicWallSSO is secure and hands-free. SSO authentication is designed to operate with any external agent that can return the identity of a user at a workstation or Terminal Services/Citrix server IP address using a SonicWall ADConnector-compatible protocol.

    SonicWall SSO works for any service on the SonicWall security appliances that uses user-level authentication, including Content Filtering Service (CFS), Firewall Access Rules, group membership and inheritance, and security services (Application Control, IPS, GAV and SPY) inclusion/exclusion lists.

    Other benefits of
    SonicWall SSO include:

      Ease of use   Users only need to sign in once to gain automatic access to multiple resources.

      Improved user experience   Windows domain credentials can be used to authenticate a user for any traffic type without logging into the appliance using a Web browser.

      Transparency to users   Users are not required to re-enter user name and password for authentication.

      Secure communication  Shared key encryption for data transmission protection.

     SonicW
    allSSO Agent can be installed on any Windows server on the LAN, and TSA can be installed on any terminal server.

      Multiple SSO Agents   Up to 8 agents are supported to provide capacity for large installations

      Multiple TSAs   Multiple terminal services agents (one per terminal server) are supported. The number depends on the SonicW
    allnetwork security appliance model and ranges from 4 to 256.

      Login mechanism works with any protocol, not just HTTP.

      Browser NTLM authentication   SonicW
    allSSO can authenticate users sending HTTP traffic without using the SSO Agent.

      Mac and Linux support   With Samba 3.5 and higher, SonicW
    allSSO is supported for Mac and Linux users.

      Per-zone enforcement   SonicW
    allSSO can be triggered for traffic from any zone even when not automatically initiated by firewall access rules or security services policies, providing user identification in event logging or App Flow Monitoring.

    Platforms and Supported Standards:

    1) SonicW
    allSSO is available on SonicWall NSA Series appliances running SonicOS Enhanced 5.0 or higher. The SonicWall SSO Agent is compatible with all versions of SonicOS Enhanced that support SonicWall SSO. The SonicWall TSA is supported on SonicOS Enhanced 5.6 and higher, running on SonicWall NSA Series and TZ 210 Series appliances.

    2) The
    SonicWall SSO feature supports LDAP and local database protocols. SonicWall SSO supports SonicWall Directory Connector. SonicWall SSO can also interwork with ADConnector in an installation that includes a SonicWall CSM, but Directory Connector is recommended. For all features of SonicWall SSO to work properly, SonicOS Enhanced 5.5 should be used with Directory Connector 3.1.7 or higher.

    3) To use
    SonicWall SSO with Windows Terminal Services or Citrix, SonicOS Enhanced 5.6 or higher is required, and SonicWall TSA must be installed on the server.

    4) To use
    SonicWall SSO with Browser NTLM authentication, SonicOS Enhanced 5.8 or higher is required. The SonicWall SSO Agent is not required for browser NTLM authentication.

    5)
    SonicWall SSO on SonicOS Enhanced 5.5 and higher is compatible with SonicWall NDConnector for interoperability with Novell users. NDConnector is also available as part of Directory Connector.

    6) Except when using only browser NTLM authentication, using
    SonicWall SSO requires that the SonicWall SSO Agent be installed on a server within your Windows domain that can reach clients and can be reached from the appliance, either directly or through a VPN path, and/or SonicWall TSA be installed on any terminal servers in the domain.

    7) The SonicOS SSO feature is capable of working in Virtual Machine environments, but is not officially supported. This is due to the variety of potential resource consuming environments of VM deployments, making it not practicable to effectively test and verify all possible permutations.

    Requirements for SSO Agent:

    The following requirements must be met in order to run the SSO Agent:

      UDP port 2258 (by default) must be open; the firewall uses UDP port 2258 by default to communicate with
    SonicWall SSO Agent; if a custom port is configured instead of 2258, then this requirement applies to the custom port

      Windows Server, with latest service pack

      .NET Framework 2.0

      Net API or WMI


     

    Related Articles

    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI
    • Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

    Categories

    • Firewalls > TZ Series
    • Firewalls > SonicWall SuperMassive E10000 Series
    • Firewalls > SonicWall SuperMassive 9000 Series
    • Firewalls > SonicWall NSA Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top