Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Help with User level authentication settings like Local Users, LDAP, RADIUS

12/20/2019 201 People found this article helpful 103,600 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Introduction to User Management

    SonicWall security appliances provide a mechanism for user level authentication that gives users access to the LAN from remote locations on the Internet as well as a means to enforce or bypass content filtering policies for LAN users attempting to access the Internet. You can also permit only authenticated users to access VPN tunnels and send data across the encrypted connection. The SonicWall authenticates all users as soon as they attempt to access network resources in a different zone (such as WAN, VPN, WLAN, etc.), which causes the network traffic to pass through the SonicWall.

    Users who log into a computer on the LAN, but perform only local tasks are not authenticated by the SonicWall. User level authentication can be performed using a local user database, LDAP, RADIUS, or a combination of a local database with either LDAP or RADIUS. SonicOS also provides Single Sign-On (SSO) capability. SSO can be used in conjunction with LDAP. The local database on the SonicWall can support up to 1000 users. If you have more than 1000 users, you must use LDAP or RADIUS for authentication.

    Resolution

    • Using Local Users and Groups for Authentication
      Local Users are users stored and managed on the security appliance's local database. In the Users | Local Users page, you can view and manage all local users, add new local users, and edit existing local users. The SonicWall security appliance provides a local database for storing user and group information. You can configure the SonicWall to use this local database to authenticate users and control their access to the network. The local database is a good choice if the number of users accessing the network is relatively small.
      KBID 7002 - UTM - CFS: Using custom Content Filter policies to block Internet access to a specific group (CFS + ULA + local groups).For networks with larger numbers of users, user authentication using LDAP or RADIUS servers can be more efficient.

    • Using RADIUS for Authentication
      Remote Authentication Dial In User Service (RADIUS) is a protocol used by SonicWall security appliances to authenticate users who are attempting to access the network. The RADIUS server contains a database with user information, and checks a user's credentials using authentication schemes such as Password Authentication Protocol (PAP), Challenge handshake authentication protocol (CHAP), Microsoft CHAP (MSCHAP), or MSCHAPv2.

      While RADIUS is very different from LDAP, primarily providing secure authentication, it can also provide numerous attributes for each entry, including a number of different ones that can be used to pass back user group memberships. RADIUS can store information for thousands of users, and is a good choice for user authentication purposes when many users need access to the network.

    • Using LDAP / Active Directory / eDirectory Authentication
      In addition to RADIUS and the local user database, SonicOS Enhanced supports LDAP for user authentication, with support for numerous schemas including Microsoft Active Directory (AD), Novell eDirectory directory services, and a fully configurable user-defined option that should allow it to interact with any schema.

      Lightweight Directory Access Protocol (LDAP) defines a directory services structure for storing and managing information about elements in your network, such as user accounts, user groups, hosts, and servers. Several different standards exist that use LDAP to manage user account, group, and permissions. Some are proprietary systems like Microsoft Active Directory which you can manage using LDAP. Some are open standards SAMBA, which are implementations of the LDAP standards. Some are proprietary systems like Novell eDirectory which provide an LDAP API for managing the user repository information.

    See also:

    KBID 7813 UTM - LDAP: Configuring Active Directory/LDAP over TLS (Certificate) on SonicOS Enhanced 
    KBID 7768 UTM: Integration of LDAP and multiple/Custom CFS policies for different user groups (ULA + CFS + LDAP)

    TIP: Microsoft Active Directory also works with SonicWall Single Sign-On and the SonicWall SSO Agent.

     


    • Single Sign-On
      SonicWall SSO is a reliable and time-saving feature that utilizes a single login to provide access to multiple network resources based on administrator-configured group memberships and policy matching. SonicWall SSO is transparent to end users and requires minimal administrator configuration.
      SonicWall SSO works for any service on the SonicWall security appliances that uses user level authentication, including Content Filtering Service (CFS), Firewall Access Rules, group membership and inheritance, and security services (Application Firewall, IPS, GAV, and SPY) inclusion/exclusion lists.

    Other benefits of SonicWall SSO include:

    • Ease of use ' Users only need to sign in once to gain automatic access to multiple resources. 
    • Improved user experience ' Windows domain credentials can be used to authenticate a user for any traffic type without logging in using a Web browser. 
    • Transparency to users ' Users are not required to re-enter user name and password for authentication. 
    • Secure communication ' Shared key encryption for data transmission protection. 
    • SonicWall SSO Agent can be installed on any Windows server on the LAN, and TSA can be installed on any terminal server.
    • Multiple SSO Agents ' Up to 8 agents are supported to provide capacity for large installations 
    • Multiple TSAs ' Multiple terminal services agents (one per terminal server) are supported. The number depends on the SonicWall UTM appliance model and ranges from 4 to 256. 
    • Login mechanism works with any protocol, not just HTTP.

     


    • Terminal Service Agent (TSA):
      To use SonicWall SSO with Windows Terminal Services or Citrix, SonicOS Enhanced 5.6 or higher is required, and SonicWall TSA must be installed on the server.

    See also:

    UTM - TSA: configuring SonicWall Terminal Services Agent
    UTM - TSA: How Does SonicWall Terminal Services Agent (TSA) Work?  

    Related Articles

    • ‘Error sending one-time password’ encountered when connecting to NetExtender
    • Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSsp series
    • Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSA series

    Categories

    • Firewalls > NSa Series > User Login
    • Firewalls > NSv Series > User Login
    • Firewalls > TZ Series > User Login

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
      Scroll to top
      Trace:957d8e7b1ca3887eccd6a78a7ba67e6e-76