How to Bypass the Single Sign On (SSO) Process

10/14/2021 212 People found this article helpful 50,988 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

When SSO fails to authenticate a device, which is very common for servers and other network appliances that do not normally require authentication to the firewall, a device is put on a time out delay. All connections from that device are held/dropped until either that time out has passed or the device successfully authenticates. This time out is configurable, and by default is 1 minute in the current firmware. Furthermore, once a device has been timed out the SonicWall will reattempt the authentication again 1 minute later causing a repetitive failure cycle where web browsing can be very slow or function in quick bursts.

On the SSO configuration page, there is an option on the Enforcement Tab for Exclusions. Any device which is not going to respond to the SSO agent, such as Server, Routers, Printers, VoIP Phones, etc. Should be identified and excluded from the SSO process. This will reduce the workload on your sonicwall and improve performance for the devices in question.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Create an Address Object Group example: "SSO Bypass Group"

For detailed instructions on how to complete steps 1 and 2, see How to create Address Objects in Sonicwall UTM Appliances

1. Click Device in the top navigation menu
2. Under Users | Settings
3. Click Configure SSO
   
   
   
   
4. On SSO Configuration Page click on Enforcement Tab
5. On the Enforcement Tab, Under SSO Bypass Click on ADD Bypass.
   
   
   
   
6. Select the Bypass SSO by Addresses and select the address object created under the drop down
7. Click on SAVE
   
   
   
   
8. Save at the bottom to finish the procedure, by clicking the OK button

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Create an Address Object Group example: "SSO Bypass Group"

For detailed instructions on how to complete steps 1 and 2, see How to create Address Objects in Sonicwall UTM Appliances

1. Click Manage in the top navigation menu
2. Under Users | Settings
3. Click Configure SSO
4. On SSO Configuration Page click on Enforcement Tab
   
5. On the Enforcement Tab, Under SSO Bypass Click on ADD.
6. Select the Bypass SSO by Addresses and select the address object created under the drop down
7. Click on ADD
8. Save at the bottom to finish the procedure, by clicking the OK button

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Step 1: Create an Address Object Group example: "SSO Bypass Group"

Step 2: Create an Address Object for the device you with to bypass, and make it a member of the bypass group from step 1.

For detailed instructions on how to complete steps 1 and 2, see How to create Address Objects in Sonicwall UTM Appliances (SonicOS Enhanced)

Step 3: Under Users | Settings click Configure SSO... option



Step 4: On the Enforcement Tab, click Add select the group you created in step 1.

Step 5: Save at the bottom to finish the procedure, by clicking the OK button..

Related Articles

• All associated wildcard FQDN IP addresses do not display in the web browser
• How to Re-Install The Junk Store
• SonicWall NSv Series FAQ

Categories

• Firewalls > TZ Series
• Firewalls > SonicWall NSA Series
• Firewalls > SonicWall SuperMassive 9000 Series
• Firewalls > SonicWall SuperMassive E10000 Series