Web Login and User-based Access Rules

Description

In some scenarios, end users are required to authenticate via Web Login. In SonicOS this is achieved with access rules that require users to be authenticated.

Those rules must include the HTTP/HTTPS protocols in the Destination Service field to trigger the Web Login page redirection. User-based access rules that do not include HTTP/HTTPS services are not recommended and can cause unexpected results.

Cause

The redirection won't happen if the access rule does not include HTTP/HTTPS services. Also, packets that hit this rule but do not match the username condition are not simply dropped, as they would be by a basic deny access rule.

Such rules can, and often do, have unintended consequences, such as Windows/security updates not occurring when users are not yet logged in, or were recently logged out due to an inactivity timeout, while the update processes keep on trying. This causes undesired situations, for example when all machines are scheduled to update overnight.

Resolution

Consider using SSO. Bypass non-HTTP/HTTPS protocols from Web Login authentication.
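
A lint for the condition described above, as an added example (not SonicWall code): it flags user-based rules whose service never includes HTTP/HTTPS, and rules that gate non-web services on the same login. The rule and service-object layout is a constructed simplification, not the SonicOS export or API format.

```python
# Constructed, simplified model of access rules and service objects;
# NOT the SonicOS export or API format.
WEB = {("tcp", 80), ("tcp", 443)}
SERVICES = {"HTTP": ("tcp", 80), "HTTPS": ("tcp", 443), "SMB": ("tcp", 445),
            "RDP": ("tcp", 3389), "DNS": ("udp", 53)}
GROUPS = {"Web": ["HTTP", "HTTPS"], "Office Apps": ["Web", "SMB"],
          "Remote Admin": ["RDP", "DNS"]}  # groups may nest

def expand(name, seen=None):
    """Resolve a service or nested group to (proto, port) pairs; None means Any."""
    seen = set() if seen is None else seen
    if name == "Any":
        return None
    if name in seen:                     # guard against group cycles
        return set()
    seen.add(name)
    if name in SERVICES:
        return {SERVICES[name]}
    if name not in GROUPS:
        raise KeyError(f"unknown service object: {name}")
    ports = set()
    for member in GROUPS[name]:
        sub = expand(member, seen)
        if sub is None:
            return None
        ports |= sub
    return ports

def audit(rules):
    """Return {rule name: finding} for rules that carry a user condition."""
    findings = {}
    for rule in rules:
        if rule["users"] is None:        # no user condition: out of scope
            continue
        ports = expand(rule["service"])
        has_web = ports is None or bool(ports & WEB)
        has_other = ports is None or bool(ports - WEB)
        if not has_web:
            findings[rule["name"]] = "no-redirect"  # Web Login page is never triggered
        elif has_other:
            findings[rule["name"]] = "mixed"        # non-web traffic also gated on login
        else:
            findings[rule["name"]] = "ok"
    return findings

RULES = [  # constructed sample rules
    {"name": "lan-web", "users": "Trusted Users", "service": "Web"},
    {"name": "lan-files", "users": "Trusted Users", "service": "Office Apps"},
    {"name": "lan-admin", "users": "Administrators", "service": "Remote Admin"},
    {"name": "lan-any", "users": "Trusted Users", "service": "Any"},
    {"name": "lan-dns", "users": None, "service": "DNS"},
]
```

Calling `audit(RULES)` reports `lan-admin` as `no-redirect` and `lan-files` and `lan-any` as `mixed`; the `mixed` rules are the candidates for the bypass named in the Resolution.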

How to Force User Login when SSO fails with CFS, IPS, App Rules, etc.
