Managing SonicOS with HTTP Login from a Terminal Server

The SonicWall network security appliance normally grants access through policies based on authentication credentials supplied through an HTTP login for one user at an IP address. For users on a terminal server, this method of authenticating one user per IP address is not possible. However, HTTP login is still allowed from a terminal server only for the purpose of administration of the appliance, subject to the following limitations and requirements:

• Internet access from the terminal server is controlled from the TSA, and HTTP login does not override that — a user on a terminal server is not granted any access through the network security appliance based on credentials supplied through an HTTP login.
• HTTP login from a terminal server is allowed only for the built-in admin account and other user accounts with administrator privileges. An attempt to log in with a non-administrative account fails with the error: Not allowed from this location.
• On successful HTTP login, an administrative user is taken straight to the Management Interface. The small User Login Status page is not displayed.
• The administrative user account used for HTTP login from the terminal server does not need to be the same user account that was used for login to the terminal server. It is shown on the network security appliance as an entirely separate login session.
• Only one user at a time can manage the network security appliance from a given terminal server. If two users attempt to do so simultaneously, the most recently logged in user takes precedence, and the other user sees the error: This is not the browser most recently used to log in.
• On a failure to identify a user due to communication problems with the TSA, an HTTP browser session is not redirected to the Web login page (as happens on a failure in the SSO case). Instead, it goes to a new page with the message: The destination that you were trying to reach is temporarily unavailable due to network problems.