How to configure SonicWall Single Sign On (SSO)
ฝัง
- เผยแพร่เมื่อ 21 ส.ค. 2024
- This is a technical video on single sign on, SSO, with on-prem active directory. SSO is made to automatically discover who’s the user connected to each machine so then you can apply policies based on AD groups. Watch AD integration first.
AD integration video: • How to configure Sonic...
Network segregation video: • Network segregation wi...
DC Security Logs with Advanced Auditing: www.sonicwall....
SSO agent service users group membership www.sonicwall....
Tips and tricks video: • JP's 4 basic security ...
Content Filtering (CFS) video: • How to configure Sonic...
DPI-SSL video: • How to configure Sonic...
Sometimes, when I share information with people and they find it helpful, it brings me a lot of joy. While you're here, generously sharing a wealth of information and knowledge, I can't help but appreciate how grateful your feelings must be. Thanks Mr. Talbot
It’s a great feeling! I must admit. Thanks for your positive comments!
Firewall rules you need to add domain computers to the security filtering for computer policies to be enforced.
Thanks for the awesome video
Nice set of video's, i really like the content you bring. On remark though, do not apply the Audit policy on the domain level. Apply the audit policy to the domain controllers OU. I do wonder if this properly works with nested groups.
Might make mention of URI list for allowed safe sites for entire LAN even if all sites are blocked by default. I find this useful for sites such as the company's web site, their pay sites and any other trusted that they want all users to have access to. Also any plans on doing a video on NSM, especially reports/alerts that can be setup to notify of possible infected traffic?
Jean-Pier your explanation are awesome.
i have an TZ670 Sonicwall, but the sso agent dont wanna connect to my firewall. Do u have maybe any ideas ?
- LDAP configuration Success
- SSO AGENT Connected to the Domaincontroller Success
- SSO AGENT Connect to firewall not possible...
i captured via Monitor testpackages... no package droppt all are "Consumed" from host to firewall , from firewall to host only "generated"
if u have some ideas.... ty
I followed your video for this and setting up with Active Directory and they were very helpful! Do you know if it is possible to set up with two Active Directories on two different servers (one is on the X0 interface, the other is on X2)?
Thanks!
I never tried setting up 2 AD, but the UI does not seems to have any objections. Give it a try. Should work.
Thanks for the videos.
Can you please make video on sonicwall configuration to protect ransomware.
good idea. ill add it to the lengthy list of videos to make when I have some free time
can we use the SSO as it is if workstation are Azure AD joined but user still on local AD synced with Ad connect.
Need help. I have problem SSO, I want to sign-off in workstation and show log-off status in firewall but it still active in firewall when i sign-off.
Been a while since I poked around with SSO. I recall there are 2 ways for SSO agent to get login and log off event. By WMI and another one which I forgot the name.
Then in the video I showed some GPO in the video. That’s to create the login and log off event on the user machine (which is one of the 2 ways SSO checks)
The other way of checking is with AD logs on the DC. There are KBs of what’s the log ID the SSO agent is looking for. Hopefully that will help you find it out yourself. Otherwise best would be to call tech support.
i can't log in sonicwall analytic website what is log in info should I input?
Your mysonicwall.com credential.
Try clearing your browser history and data, or try incognito mode. Might fix it
When I enabled SSO, it broke all connectivity to every single device on my network. Was it maybe because I had not checked "do not initiate SSO" in my policies? I want to use SSO to ALLOW additional stuff, and exclude some users from CFS, but not block anyone or any device
hum, I haven't experienced that. only thing I can see is that SSO does not work and you have this unchecked in access rule: Don't block traffic while waiting for Single Sign On to authenticate users.
otherwise you may want to ping SonicWall support. they pick up the phone quickly and are great.
let us know :-)
everything worked except my LDAP user and groups don't show up under access rule objects or any other objects. any help would be appreciated. please do let me know if you need more info. I'm using NSa2650
Hi,
Best would be to call sonicwall tech support. They rock at fixing hopefully a simple issue.
I have an issue with one site where users are not timing out... if i login as Admin and log off the next user who logs in has the admin permissions.... I need to manually kill the session on the sonicwall and then it picks up the user who is currently logged in... any thoughts?
Unfortunately I really don’t understand the issue you are facing.
Best would be to call sonicwall tech support. They pick up the vast majority of the call without wait time
make video on application control please 🙏
Will do! :-)
What about workgroup users.? This is something which is bothering me.
Workgroup, like in no Active Directory or any authentication server?
Then the only option is to create local users on the firewall.
@@JeanPierTalbot non domain joined devices. Windows 10 Home Devices, Macs
@@vinitbhardwaj8403 ok, well there are no magic, you have no authentication server for the firewall to authenticate users...so you can't get SSO working. sorry.
you could force users to authenticate to the firewall manually before going to the web using local users you created on the firewall.
.
Can we stop pretending people are gonna read the EULA??