- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Wireless: LHM - Session creation failed: The request for authorization failed.
03/26/2020 
9 People found this article helpful
44,314 Views
Description
Wireless: LHM - Session creation failed: The request for authorization failed.
Resolution
LHM Overview
Configuration Example
In this example, the wireless client is 172.16.4.2, the WLAN interface is 172.16.4.1, the LAN interface is 10.50.161.113, and the ABE is on the LAN with IP 10.50.161.119. Here are the basic steps for configuration (as it pertains to this example):
1. WLAN Zone > Guest Services > Enable Wireless Guest Services
2. WLAN Zone > Guest Services > Enable External Guest Authentication, then click Configure
3. WLAN Zone > Guest Services > EGA > General > Web Server - 10.50.161.119 (HTTP port 80)
4. WLAN Zone > Guest Services > EGA > Auth Pages > Login Page - default.aspx
Steps 3 and 4 tell the SonicWall to redirect the guest to http://10.50.161.119/default.aspx
Once configuration is complete, make note of these auto-created objects:
Guest Auth Server Address Object
This is an address object for the server defined at WLAN Zone > Guest Services > EGA > General > Web Server. Notice that it’s in the WLAN zone. This is correct, even though the server is actually in the LAN zone. If the server was out on the Internet (WAN zone), the object would still be assigned to the WLAN zone.
External Guest Auth Service Object
This is a service object for External Guest Authentication, which is used when the LHM server posts the session authorization back to the SonicWall.
External Guest Auth NAT Policy
This is a NAT policy for the session authorization post from the LHM server. Notice the inbound/outbound interfaces are X0, and the original destination is X0 IP. This is because the session authorization post will be coming from the webserver, which is on the LAN (X0). If the webserver were on the WAN, then the inbound/outbound interfaces would be X1, and the original destination would be X1 IP.
External Guest Auth Access Rule
This is the access rule that allows the webserver to post the session authorization to the SonicWall’s X0 interface IP on TCP port 4043.
If the server were on the WAN, then the access rule would look like this:
Troubleshooting
The user is redirected to the default.aspx page on the webserver, but after entering his credentials, he gets this message:
Session creation failed: The request for authorization failed…
and the firewall log shows this:
TCP connection dropped - 10.50.161.120, 1291, LAN – 10.50.161.113, 4043, LAN - TCP iMesh
This is the session authorization attempt from the webserver (TCP 4043), which should be allowed by the access rule automatically created (see object #4 above). If the firewall is dropping this connection attempt, check to see if the access rule exists. Also, check the source address in the log message - the TCP connection attempt should be coming from the Guest Auth Server defined at WLAN Zone > Guest Services > EGA > General > Web Server.
Related Articles
- How to Create Gen 7 Settings File by Using the Online Migration Tool
- DNS Resolution of Wildcard FQDN Address Objects
- All associated wildcard FQDN IP addresses do not display in the web browser
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO