Credential Auditor

This feature applies to the following firewalls:

• Gen 7 firewalls running SonicOS 7.3.1 or later
• Gen 8 firewalls running SonicOS 8.2.0 or later

Credential Auditor is a built-in security feature that helps organizations reduce credential-based risks. It validates user passwords against publicly known credential databases and provides actionable insights for administrators. For more information, refer to Credential Auditor.

Credential Auditor also detects if any of the following keys or passwords configured for IPSec VPN policies (Network | IPSec VPN > Rules and Settings > Policies) match entries in publicly known credential databases:

• Authentication Type: Manual Authentication Keys for IPv4
• Authentication Method: SonicWall Auto‑Provisioning Client Keys for IPv6 (including keys without passwords)

Configure Credential Auditor on the Firewall View | Device > Users > Settings > Credential Auditor tab. For more information, refer to Configuring Credential Auditor.

From the Firewall Management Inventory page, you can generate a Credential Auditor Report. For more information, refer to .Generating Credential Auditor Report.

You can also define an alert rule on the Firewall View | Monitor > Alerts & Notifications > Rules to receive Alerts and Notifications. For more information, refer to Creating an Alert Rule.