SonicWALL SMA - Role-Based Administration; Sharing Configuration Data; Single Sign-On; System Monitoring and Logging

To Next Page

To Previous Page

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel

• Ontheotherhand,employeesconnectingtoWebresourcesmaytrustaself‐signedcertificate.Even

then,youmaywanttoobtainathird‐partycertificatesothatusersarenotpromptedtoaccepta

self‐signedcertificateeachtimetheyconnect.Or,addtheself‐signedcertificatetothe

user’slistof

TrustedRootCertificateAuthoritiesintheWebbrowser.

SingleSign‐On

SingleSign‐On(SSO)isanoptionthatcontrolswhetherusercredentialsareforwardedtobac k‐endWeb

resources.ConfiguringtheappliancetouseSSOpreventstheuserfromhavingtologinmultipletimes(onceto

gettotheappliance,andagaintoaccessanapplicationresource).Theappliancesupports

severaltypesof

Web‐basedSSO:

•Basicauthenticationforwardingisawidelysupportedformofauthenticationforwarding,butisnotvery

securebecauseitsendspasswordsintheclearacrossthenetwork.Theappliancecanbeconfiguredto

sendeachuser’suniqueauthenticationcredentials,orstaticcredentials(thatis,thesame

credentialsfor

allusers).BasicauthenticationforwardingisconfiguredwithinaWebapplicationprofile,whichis

assignedtoone ormoreapplicationresourcesinAMC.

•DomainauthenticationforwardingprovidesasecuremethodforsendingWindowsnetworkcredentials

toaMicrosoftIIS(InternetInformationServices)Webserver.NTLM(WindowsNTLANManager,

also

knownasWindowsNTchallenge/responseauthentication)usesachallenge/responsemechanismto

securelyauthenticateuserswithoutsendingpasswordsintheclearacrossthenetwork.Domain

authenticationforwardingpassesaWindowsdomainnamealongwiththeuser’sauthentication

credentials.

• RSAClearTrustisathird‐partyproductthatprovidesacentralizedmechanism

foradministering

authenticationandsinglesign‐on.Youcanconfiguretheappliancetoreceiveuserauthentication

credentialsandforwardthemtoanyback‐endWebresourcesitisprotecting.

SharingConfigurationData

Tokeepsettingsmatchedup,youcanreplicateanddistributeconfigurationdatatoagroupofSonicWall

appliances.Forexample,youmightha veappliancesindifferentlocationsthatmustshareconfigurations.Thisis

notamergingofdata:someofthesettingsonthereceivingapplian cesareoverwritten(securitypolicyand

CA

certificates,forexample),andothersarenot(networksettings).

Whenyoudefineacollectionofappliancesthatwillsharesettings,thenodesinthecollectioncommunicate

overtheinternalinterfaceusingSSL.Theyoperateinpeer‐to‐peermode:replicationcanbeinitiatedfromany 

systemthatknowsthe

sharedsecretforacollection.Thisisincontrasttothesynchronizationthatoccursina

high‐availabilityclusterofSonicWallappliances,inwhichonenodeisdesignatedthemaster.

Role‐basedAdminist ration

PermissiontomanagetheapplianceandperformspecificadministrationfunctionsusingAMCisassignedin

AMC.Theprimaryadministratordefinestherolesandidentitiesofallsecondaryadministrators,settingthe

permissionlevelsforeachadministrativerole,andcreatingapassword‐protectedaccountforeach

administrator.

SystemMonitoringandLogging

Systemmonitoringandlog gingfeaturesallowadministratorstoviewbothreal‐timeandhistoricaldataabout

theperformanceoftheapplianceanditsaccessservices,aswellasuseractivity.

Main Page

SonicWALL SMA - Role-Based Administration; Sharing Configuration Data; Single Sign-On; System Monitoring and Logging

Table of Contents

Related product manuals