SonicWALL SonicWALL UTM Appliance manual Enable Radius to Ldap Relay Enables this feature

Page 12

Step 11: On the LDAP Relay tab, configure the following fields:

The RADIUS to LDAP Relay feature is designed for use in a topology where there is a central site with an LDAP/AD server and a central SonicWALL with remote satellite sites connected into it via older low-end SonicWALL security appliances that may not support LDAP. In that case the central SonicWALL can operate as a RADIUS server for the remote SonicWALLs, acting as a gateway between RADIUS and LDAP, and relaying authentication requests from them to the LDAP server.

Additionally, for remote SonicWALLs running non-enhanced firmware, with this feature the central SonicWALL can return legacy user privilege information to them based on user group memberships learned via LDAP. This avoids what can be a very complex configuration of an external RADIUS server such as IAS, for those SonicWALLs.

Enable RADIUS to LDAP Relay – Enables this feature.

Allow RADIUS clients to connect via – Check the relevant checkboxes and policy rules will be added to allow incoming RADIUS requests accordingly.

RADIUS shared secret – This is a shared secret common to all remote SonicWALLs.

User groups for legacy VPN users – Defines the user group that corresponds to the legacy ‘Access to VPNs’ privileges. When a user in this user group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.

User groups for legacy VPN client users – Defines the user group that corresponds to the legacy ‘Access from VPN client with XAUTH’ privileges. When a user in this user group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.

User groups for legacy L2TP users – Defines the user group that corresponds to the legacy ‘Access from L2TP VPN client’ privileges. When a user in this user group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.

User groups for legacy users with Internet access – Defines the user group that corresponds to the legacy ‘Allow Internet access (when access is restricted)’ privileges. When a user in this user group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.

NOTE: The ‘Bypass filters’ and ‘Limited management capabilities’ privileges are returned based on membership to user groups named ‘Content Filtering Bypass’ and ‘Limited Administrators’ – these are not

12

Page 11 Page 13
Image 12
Page 11 Page 13
Contents Contents Page Configuring the CA on the Active Directory Server Integrating LDAP/Active Directory with Sonicwall UTMConfiguring the SonicWALL Appliance for Ldap Importing the CA Certificate onto the SonicWALLPage Page Page Page Page Page Page Enable Radius to Ldap Relay Enables this feature Authentication Page Page Page SonicOS Options That Leverage Groups/Users Creating Firewall Rules with Ldap Groups/UsersPage Page Firewall Rules with Bandwidth Management & Logging Page Blocking Websites Domain Names for Groups/Users Blocking Domains with Firewall RulesPage Page Navigate to Firewall Access Rules Create a rule to allow Http traffic for your allowed lists Do the same for Https Create the deny rules for Http and Https Firewall rules should now look like the below picture Blocking Https SSL Domains with SSL Control Configuring a SSL Blacklist and Whitelist Page Applying Different CFS Policies to Groups Page Creating Custom CFS Policies Navigate to the Policy tab and add a new CFS policy Page Page Page Variables for Custom Block Page in SonicOS Http//$$fwinterface$$/$#SWLSTYLESCSS#$Basic Sample Code for SonicOS Advanced Sample Code for SonicOSPage Page Sample JavaScript Code for SonicOS Sample Code for SonicOS 5.1 or EarlierApplying Application Firewall Polices to Groups/Users Page Page Page Page Tightening Control over the Browsing Behavior of Users Blocking IM Traffic Categorically Applying Granular IM Policies Applying VPN Access Policies to Groups/Users Global VPN Client GVCPage SSL-VPN NetExtender Guest Services Wireless Guest Services
Top Page Image Contents