CFS policies do not correctly apply to the Terminal Servers, users authenticated by SSO/TSA

Description

The default CFS policy is randomly applied to the users authenticated by SSO/TSA, whereas the correct CFS policy is shown next to the specific users in Users | Status. 

This applies to all firmware versions, using CFS with App Rules or CFS via Users and Zones. 

Cause

TSA is not designed to work perfectly without an Access Rule forcing the users loging in Terminal Servers to authenticate. 

Resolution

First of all make sure you are using the latest versions of Terminal Services Agent and the SSO Agent (Directory Services Connector) available in the free download section of your MySonicWall Account. 

 

We need to create the following Access Rule.

EXAMPLE: All Zones to WAN | Source: Firewall Terminal Services Agent | Users included: Everyone 

Image

That will force a correct SSO/TSA authentication therefore the appriate CFS policy will be applied to the users authenticated this way. 

Related Articles

  • How to apply CFS policies to SAML User Groups using OKTA as IdP?
    Read More
  • How to block ICMP (Ping ) using Application control
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
SonicWall NSA Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
TZ Series
not finding your answers?
Ask the Community