User Management
SonicOS 5.8.1 Administrator Guide
The SonicWALL SSO feature supports LDAP and local database protocols. SonicWALL SSO
supports SonicWALL Directory Connector. SonicWALL SSO can also interwork with
ADConnector in an installation that includes a SonicWALL CSM, but Directory Connector is
recommended. For all features of SonicWALL SSO to work properly, SonicOS Enhanced 5.5
should be used with Directory Connector 3.1.7 or higher.
To use SonicWALL SSO with Windows Terminal Services or Citrix, SonicOS Enhanced 5.6 or
higher is required, and SonicWALL TSA must be installed on the server.
To use SonicWALL SSO with browser NTLM authentication, SonicOS Enhanced 5.8 or higher
is required. The SonicWALL SSO Agent is not required for browser NTLM authentication.
SonicWALL SSO on SonicOS Enhanced 5.5 and higher is compatible with SonicWALL
NDConnector for interoperability with Novell users. NDConnector is also available as part of
Directory Connector.
Except when using only browser NTLM authentication, SonicWALL SSO requires that the
SonicWALL SSO Agent be installed on a server within your Windows domain that can reach
clients and can be reached from the appliance, either directly or through a VPN path, and/or
that SonicWALL TSA be installed on any terminal servers in the domain.
The SonicOS SSO feature is capable of working in Virtual Machine environments, but this is
not officially supported. VM deployments vary widely in how they consume resources, which
makes it impracticable to effectively test and verify all possible permutations.
The following requirements must be met in order to run the SSO Agent:
• UDP port 2258 (by default) must be open; the firewall uses UDP port 2258 by default to
communicate with SonicWALL SSO Agent; if a custom port is configured instead of 2258,
then this requirement applies to the custom port
• Windows Server, with latest service pack
• .NET Framework 2.0
• Net API or WMI
Note: Mac and Linux PCs do not support the Windows networking requests that are used by the
SonicWALL SSO Agent, and hence require Samba 3.5 or newer to work with SonicWALL
SSO. Without Samba, Mac and Linux users can still get access, but will need to log in to do
so. They can be redirected to the login prompt if policy rules are set to require
authentication. For more information, see “Accommodating Mac and Linux Users” on page 1105.
The following requirements must be met in order to run the SonicWALL TSA:
• UDP port 2259 (by default) must be open on all terminal servers on which TSA is installed;
the firewall uses UDP port 2259 by default to communicate with SonicWALL TSA; if a
custom port is configured instead of 2259, then this requirement applies to the custom port
• Windows Server, with latest service pack
• Windows Terminal Services or Citrix installed on the Windows Terminal Server system(s);
Citrix XenApp 5.0 is supported
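The version, port and Samba requirements above can be checked against a planned deployment before installation. The following is an added example, not SonicWALL tooling; the plan layout, the function names and the sample values are assumptions made for illustration.

```python
# Added example: the plan layout and all names are assumptions, not SonicWALL tooling.

def _ver(s, width=4):
    """Parse '3.1.7' into a zero-padded tuple so '5.8' compares equal to '5.8.0'."""
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def at_least(have, need):
    return have is not None and _ver(have) >= _ver(need)

DEFAULT_UDP = {"agent": 2258, "tsa": 2259}   # default ports stated in the guide

def check_plan(plan):
    """Return findings for a planned SSO deployment; an empty list means none."""
    out = []
    methods = set(plan["methods"])            # subset of {"agent", "tsa", "ntlm"}
    if "tsa" in methods and not at_least(plan["sonicos"], "5.6"):
        out.append("TSA needs SonicOS Enhanced 5.6 or higher")
    if "ntlm" in methods and not at_least(plan["sonicos"], "5.8"):
        out.append("browser NTLM needs SonicOS Enhanced 5.8 or higher")
    if "agent" in methods and not at_least(plan.get("directory_connector"), "3.1.7"):
        out.append("Directory Connector 3.1.7 or higher needed for full SSO features")
    for method, default in DEFAULT_UDP.items():
        if method not in methods:
            continue
        port = plan.get("custom_ports", {}).get(method, default)  # custom replaces default
        for host in plan["servers"].get(method, []):
            if port not in host["open_udp"]:
                out.append(f"{host['name']}: UDP {port} is not open for {method}")
    if "agent" in methods:                    # Samba only matters for SSO Agent lookups
        for c in plan.get("clients", []):
            if c["os"] in ("mac", "linux") and not at_least(c.get("samba"), "3.5"):
                out.append(f"{c['name']}: no Samba 3.5+, user must log in manually")
    return out

# Constructed sample plan (not taken from a real network).
SAMPLE = {
    "sonicos": "5.5", "directory_connector": "3.1.6",
    "methods": ["agent", "tsa"], "custom_ports": {"tsa": 3259},
    "servers": {"agent": [{"name": "dc1", "open_udp": [2258]}],
                "tsa": [{"name": "ts1", "open_udp": [2259]}]},
    "clients": [{"name": "mac-07", "os": "mac", "samba": None},
                {"name": "lin-02", "os": "linux", "samba": "3.6.3"}],
}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE):
        print(finding)
```

An NTLM-only plan on SonicOS Enhanced 5.8 or higher returns no findings without any agent server listed, matching the statement that the SSO Agent is not required for browser NTLM authentication.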