Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
455
When importing a user from AD, the user is placed into the local Secure Mobile Access group with which they
have the most AD groups in common. For example: Bob belongs to the Users, Administrators, and Engineering
AD groups. If one Secure Mobile Access group is associated with Users, and another is associated with both
Administrators and Engineering, Bob is assigned to the Secure Mobile Access group with both Administrators and
Engineering because it matches more of his own AD groups.
The goal of this use case is to show that Secure Mobile Access firmware supports group-based access policies by
configuring the following:
• Allow Acme Group in Active Directory to access the 10.200.1.102 server using SSH
• Allow Mega Group in Active Directory to access Outlook Web Access (OWA) at 10.200.1.10
• Allow IT Group in Active Directory to access both SSH and OWA resources defined previously
• Deny access to these resources to all other groups
This example configuration is provided courtesy of Vincent Cai, June 2008.
Figure 67. Network Topology
Perform the tasks in order of the following sections:
• Creating the Active Directory Domain on page 455
• Adding a Global Deny All Policy on page 456
• Creating Local Groups on page 457
• Adding the SSHv2 PERMIT Policy on page 459
• Adding the OWA PERMIT Policies on page 460
• Verifying the Access Policy Configuration on page 462
Creating the Active Directory Domain
This section describes how to create the Secure Mobile Access Local Domain, SNWL_AD. SNWL_AD is associated
with the Active Directory domain of the OWA server.
1 Log in to the Secure Mobile Access management interface and navigate to the Portals > Domains page.
To Next Page
Loading...
