- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Recommended tips for SonicWall SSO
08/03/2020 
51 People found this article helpful
40,892 Views
Description
Here are some tips for success when implementing SSO. Not all networks are the same so there cannot be a best practice for every network but these changes may go a long way in improving your network performance.
Resolution
1.SonicWall recommends installing SSO agent on a dedicated server within the user domain aside from the domain controller. This will reduce CPU and memory utilization on the domain controller and improve SSO performance along with username identification. SonicWall recommends running the service on a dedicated SSO server host. Although SSO will run on Windows 7 or 10, SonicWall recommends running this program on its own dedicated server in enterprise environments. Some of this information has also been included in the release notes for your reference.
2. Ensure the domain controllers audit login policy is configured correctly so that the SSO agent can monitor login/logoffs. See this KB for more information:
2. When upgrading SSO or moving SSO to a new host you can copy the configuration from the config.xml file and paste it into the new agents config. The config.xml file path is located at C:\Program Files\SonicWall\SSOAgent\config.xml or C:\Program Data\sonicwall\SSO Agent on newer versions
3. SSO probing is not necessary to resolve usernames from within SonicOS, the SSO agent is doing the work. However, if you do have the probing option enabled in SonicOS it should match the probe settings in the SSO agent itself. The TSR can be analyzed to determine probe failures and make a decision on whether or not it's worthwhile having SonicOS probing enabled.
4. Clean up hosts or servers that can not be identified by SSO or are not required to be authenticated by SSO. This can be done by excluding hosts that are not domain joined from SSO in SonicOS e.g. credit card machines, timeclocks.
5. Static entries can also be created in the SSO agent so you can assign specific device names to hosts that cannot be identified. This will help keep sso from wasting time trying to identify hosts that will never be identified and also help you keep track of what's going on inside your network. Note SSO doesn't work at layer 2 so you cannot create static assignments based on mac address.
Related Articles
- Supported Public Cloud Servers/Instance Sizes on SonicWall NSv Series Models
- Why do I need a Support Services Reinstatement?
- How can I configure a VPN between a SonicWall firewall and Microsoft Azure?
Categories
- Firewalls > NSsp Series
- Firewalls > NSa Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > TZ Series
- Firewalls > SonicWall NSA Series
YES
NO