User Management
SonicOS Enhanced 4.0 Administrator Guide
Users that are identified but lack the group memberships required by the configured policy rules
are redirected to the Access Barred page.
Benefits
SonicWALL SSO is a reliable and time-saving feature that utilizes a single login to provide
access to multiple network resources based on administrator-configured group memberships
and policy matching. SonicWALL SSO is transparent to end users and requires minimal
administrator configuration.
By automatically determining when users have logged in or out based on workstation IP
address traffic, SonicWALL SSO is secure and hands-free. SSO authentication is designed to
operate with any external agent that can return the identity of a user at a specific IP address
using a SonicWALL ADConnector-compatible protocol.
SonicWALL SSO works for any service on the SonicWALL security appliances that uses
user-level authentication, including Content Filtering Service (CFS), Firewall Access Rules, group
membership and inheritance, and security services (IPS, GAV, SPY and Application Firewall)
inclusion/exclusion lists.
Other benefits of SonicWALL SSO include:
Ease of use — Users only need to sign in once to gain automatic access to multiple resources.
Improved user experience — Windows domain credentials can be used to authenticate a user for any traffic type without logging in using a Web browser.
Transparency to users — Users are not required to re-enter user name and password for authentication.
Secure communication — Shared key encryption for data transmission protection.
SonicWALL SSO Agent can be installed on any workstation on the LAN.
Login mechanism works with any protocol, not just HTTP.
Platforms
SSO is available on SonicWALL security appliances running SonicOS 4.0 Enhanced.
Supported Standards
The SonicOS Enhanced 4.0 SSO feature supports LDAP and local database protocols.
To use SonicWALL SSO, the SonicWALL SSO Agent must be installed on the
workstations within your Windows domain that can reach clients directly using a static IP or
through a VPN path. The following requirements must be met in order to run the SSO Agent:
Port 2258 must be open; the firewall uses UDP port 2258 by default to communicate with SonicWALL SSO Agent.
Windows 32 or XP, with latest service pack
.NET Framework 2.0