SonicWALL SMA - Authentication Scenarios; Access Component Provisioning

To Next Page

To Previous Page

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

CommonVPNConfigurations

ProvidingAccesstoWindowsTerminalServicesor

CitrixResources

TogiveusersaccesstoanindividualWindowsTerminalServicesorCitrixhost,oraCitrixserver

farm:

1InstallorupdatetheWindowsTerminalServicesagentortheCitrixagentontheConfigureGraphical

TerminalAgentspage.

2DefinearesourceontheAdd/EditResourcepagefortheWindowsTerminalServicesorCitrixhost,or

theCitrixserverfarm.

3CreatearuleontheAdd/EditAccessRulepagereferencingthe

terminal‐serverresource.

4CreateaWorkPlaceshortcutforaccessingtheWindowsTerminalServiceshostorCitrixresourceonthe

Add/EditTerminalShortcutpage.

AuthenticationScenarios

Realmsareusedbytheapplianceforthefollowingkeypurposes:

• Referencingexternalauthenticationservers

• ProvisioningaccessagentstoVPNusers,basedoncommunitymembership

• DeterminingwhichEndPointControlrestrictionsareimposedonusers’devices

• Controllingtheuser’sloginexperienceataWorkPlaceportal

UsingMultipleRealmsvs.aSingleRealm

Ifyourorganizationusesonlyoneauthenticationserver,you’llprobablyneedtoconfigureonlyonerealmin

AMC.Thereareothersituationsinwhichmultiple authenticationserversarerequired:

•Multipleuserrepositories—Ifyourusersarestoredinmultipledirectories,youmustcreateaseparate

realmforeachone.Forexample,if

youremployeesarestoredonanLDAPserver,whileyourbusiness

partnersarestoredonanActiveDirectoryserver,createaseparaterealmforeachdirectoryserver.

•Chainedauthentication—Forincreasedsecurity,youcanrequireuserstoauthenticatetoasinglerealm

usingtwodifferentauthenticationmethods.Forexample,youset

upRADIUSoradigitalcertificateasthe

firstauthenticationmethod,andLDAPorActiveDirectoryasthesecondone.Tomakethelogin

experienceforyourusersaone‐stepprocess,configureAMCsuchthatusersseeonlyonesetof

prompts.

AccessComponentProvisioning

AlloftheuseraccesscomponentsareprovisionedoractivatedthroughtheWorkPlaceportal.

Optionally,youcanmaketheConnectTunnelclientcomponentsavailableforuserstodownloadandinstallfrom

anothernetworklocation(suchasaWebserver,FTPserver,orfileserver),withoutrequiringthemtologinto



WorkPlace.

Related product manuals