SonicWALL UTM Appliance manual: Integrating LDAP/Active Directory with Sonicwall UTM

Page 3

Integrating LDAP/Active Directory with Sonicwall UTM

SonicOS supports a range of different LDAP servers, the most popular being Active Directory (AD), which is itself an LDAP implementation. Refer to the following paper as a supplement on how to configure LDAP settings:

http://www.sonicwall.com/downloads/LDAP_Integration_Feature_Module.pdf

LDAP over SSL

Integrating your SonicWALL appliance with an LDAP directory service using SSL requires configuring your LDAP server for certificate management, installing the correct certificate on your SonicWALL appliance, and configuring the SonicWALL appliance to use the information from the LDAP Server.

NOTE: SSL is not required for LDAP integration, but without it user credentials are sent across the network unencrypted, which is considered highly insecure.

Before beginning your LDAP configuration, you should prepare your LDAP server and your SonicWALL for LDAP over TLS support. This requires:

Installing a server certificate on your LDAP server.

Installing a Certificate Authority (CA) certificate for the issuing CA on your SonicWALL appliance.

The following procedures describe how to perform these tasks in an Active Directory environment.

Configuring the CA on the Active Directory Server

To configure the CA on the Active Directory server (skip the first five steps if Certificate Services are already installed):

Step 1: Navigate to Start > Settings > Control Panel > Add/Remove Programs.

Step 2: Select Add/Remove Windows Components.

Step 3: Select Certificate Services.

Step 4: Select Enterprise Root CA when prompted.

Step 5: Enter the requested information. For information about certificates on Windows systems, see http://support.microsoft.com/kb/931125.

Step 6: Launch the Domain Security Policy application: navigate to Start > Run and run the command dompol.msc.

Step 7: Open Security Settings > Public Key Policies.

Step 8: Right click Automatic Certificate Request Settings.

Step 9: Select New > Automatic Certificate Request.

Step 10: Follow through the wizard, and select Domain Controller from the list.
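Once Step 10 has completed, the domain controller should auto-enroll a certificate from the new Enterprise Root CA, and that CA's certificate is what the SonicWALL needs to trust. The following PowerShell script is an added example, not part of the SonicWALL manual: run from a domain-joined machine, it connects to the domain controller's LDAPS port, checks that the presented certificate has the name, Server Authentication key usage and validity period an LDAPS client relies on, and exports the CA certificate at the top of the chain to a file for import on the appliance. The domain controller name dc1.example.local and the output path are placeholders to replace with your own values.

```powershell
# Added example, not from the SonicWALL manual. Run in an elevated PowerShell
# session on a domain-joined machine that can reach the domain controller.
# Placeholders (assumptions): replace the DC FQDN and the output path.
$DcFqdn  = 'dc1.example.local'        # placeholder: FQDN of your domain controller
$OutFile = 'C:\temp\issuing-ca.cer'   # placeholder: where to save the CA certificate

# 1. Open a TLS session to LDAPS (TCP 636) and capture the certificate the DC
#    presents. The validation callback always returns $true so the script can
#    inspect a certificate from a CA this client may not trust yet; this is a
#    diagnostic-only setting and is never appropriate for a real LDAP client.
$tcp      = New-Object System.Net.Sockets.TcpClient($DcFqdn, 636)
$stream   = $tcp.GetStream()
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$ssl      = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $callback
try {
    $ssl.AuthenticateAsClient($DcFqdn)
    $serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                      -ArgumentList $ssl.RemoteCertificate
} finally {
    $ssl.Dispose()
    $tcp.Dispose()
}

# 2. Properties an LDAPS client relies on: the name it connects to must match
#    the certificate, the certificate must carry the Server Authentication EKU
#    (OID 1.3.6.1.5.5.7.3.1, included in the Domain Controller template chosen
#    in Step 10), and the current time must fall within its validity period.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$dnsName  = $serverCert.GetNameInfo($nameType, $false)
$ekuExt   = $serverCert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuOids  = @()
if ($ekuExt) { $ekuOids = $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value } }
$now = Get-Date

$checks = [ordered]@{
    "Name matches $DcFqdn"      = ($dnsName -eq $DcFqdn)
    'Server Authentication EKU' = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')
    'Within validity period'    = ($serverCert.NotBefore -le $now -and $serverCert.NotAfter -gt $now)
}

# 3. Walk the chain to the CA and export it as a DER-encoded .cer file for
#    import on the SonicWALL. Revocation checking is off because the aim here is
#    only to identify the CA certificate, not to evaluate the chain's trust.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.Build($serverCert)
$caCert = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$checks['CA certificate found in chain'] = ($caCert.Thumbprint -ne $serverCert.Thumbprint)

# Print a pass/fail table, then export the CA certificate when one was found.
$checks.GetEnumerator() | ForEach-Object { '{0,-32} {1}' -f $_.Key, $_.Value }

if ($checks['CA certificate found in chain']) {
    $der = $caCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($OutFile, $der)
    "CA certificate '{0}' exported to {1}" -f $caCert.Subject, $OutFile
} else {
    'Only the DC certificate was returned; the CA certificate is not in this machine''s store.'
}
```

With an Enterprise Root CA, the domain controller's certificate is issued directly by the root, and domain-joined machines normally receive that root through Active Directory, so the chain resolves to the CA certificate and the exported .cer file is the one to import on the SonicWALL in the next section. If the last check fails, obtain the CA certificate on the CA server itself instead (for example with certutil -ca.cert) rather than trusting whatever the DC happened to present.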

