SonicWALL SonicWALL UTM Appliance manual

Page 7

Selecting any of the predefined schemas will automatically populate the fields used by that schema with their correct values.

Selecting ‘User Defined’ will allow you to specify your own values – use this only if you have a specific or proprietary LDAP schema configuration.

Object class – Select the attribute that represents the individual user account to which the next two fields apply.

Login name attribute – Select one of the following to define the attribute that is used for login authentication:

sAMAccountName for Microsoft Active Directory

cn for Novell eDirectory

uid for others

Qualified login name attribute – Optionally select an attribute of a user object that sets an alternative login name for the user in name@domain format. This may be needed with multiple domains in particular, where the simple login name may not be unique across domains. By default, this is set to userPrincipalName for Microsoft Active Directory and mail RFC2798 inetOrgPerson. Note that userPrincipalName would allow login as, for example, “john.ourdomain.com” where mail would login as “john@ourdomain.com”.

User group membership attribute – Select the attribute that contains information about the groups to which the user object belongs. This is memberOf in Microsoft Active Directory. The other pre- defined schemas store group membership information in the group object rather than the user object, and therefore do not use this field.

Framed IP address attribute – Select the attribute that can be used to retrieve a static IP address that is assigned to a user in the directory. Currently it is only used for a user connecting via L2TP with the SonicWALL’s L2TP server to retrieve the IP address to assign to them from the directory. In the future this may also be supported for Global VPN Client. In Active Directory the static IP address is configured on the Dial-in tab of a user’s properties.

Step 7: On the Directory tab, configure the following fields:

7

Image 7
Contents Contents Page Integrating LDAP/Active Directory with Sonicwall UTM Configuring the CA on the Active Directory ServerImporting the CA Certificate onto the SonicWALL Configuring the SonicWALL Appliance for LdapPage Page Page Page Page Page Page Enable Radius to Ldap Relay Enables this feature Authentication Page Page Page Creating Firewall Rules with Ldap Groups/Users SonicOS Options That Leverage Groups/UsersPage Page Firewall Rules with Bandwidth Management & Logging Page Blocking Domains with Firewall Rules Blocking Websites Domain Names for Groups/UsersPage Page Navigate to Firewall Access Rules Create a rule to allow Http traffic for your allowed lists Do the same for Https Create the deny rules for Http and Https Firewall rules should now look like the below picture Blocking Https SSL Domains with SSL Control Configuring a SSL Blacklist and Whitelist Page Applying Different CFS Policies to Groups Page Creating Custom CFS Policies Navigate to the Policy tab and add a new CFS policy Page Page Page Http//$$fwinterface$$/$#SWLSTYLESCSS#$ Variables for Custom Block Page in SonicOSAdvanced Sample Code for SonicOS Basic Sample Code for SonicOSPage Page Sample Code for SonicOS 5.1 or Earlier Sample JavaScript Code for SonicOSApplying Application Firewall Polices to Groups/Users Page Page Page Page Tightening Control over the Browsing Behavior of Users Blocking IM Traffic Categorically Applying Granular IM Policies Global VPN Client GVC Applying VPN Access Policies to Groups/UsersPage SSL-VPN NetExtender Guest Services Wireless Guest Services