CFS policies do not correctly apply to the Terminal Servers, users authenticated by SSO/TSA
03/26/2020 41 10701
The default CFS policy is randomly applied to the users authenticated by SSO/TSA, whereas the correct CFS policy is shown next to the specific users in Users | Status.
This applies to all firmware versions, using CFS with App Rules or CFS via Users and Zones.
TSA is not designed to work perfectly without an Access Rule forcing the users loging in Terminal Servers to authenticate.
First of all make sure you are using the latest versions of Terminal Services Agent and the SSO Agent (Directory Services Connector) available in the free download section of your MySonicWall Account.
We need to create the following Access Rule.
EXAMPLE: All Zones to WAN | Source: Firewall Terminal Services Agent | Users included: Everyone
That will force a correct SSO/TSA authentication therefore the appriate CFS policy will be applied to the users authenticated this way.