User Management
1009
SonicOS 5.8.1 Administrator Guide
Note The shared key is generated in the SSO Agent and the key entered in the SonicWALL
security appliance during SSO configuration must match the SSO Agent-generated key
exactly.
The SonicWALL security appliance queries the SonicWALL SSO Agent over the default port
2258. The SSO Agent then communicates with the client on behalf of the SonicWALL security
appliance to determine the client's user ID and returns it to the appliance. The SonicWALL
security appliance polls the SonicWALL SSO Agent, at a rate that is configurable by the
administrator, to continually confirm a user's login status.
Logging
The SonicWALL SSO Agent sends log event messages to the Windows Event Log based on
administrator-selected logging levels.
The SonicWALL security appliance also logs SSO Agent-specific events in its event log. The
following is a list of SSO Agent-specific log event messages from the SonicWALL security
appliance:
• User login denied - not allowed by policy rule – The user has been identified but does
not belong to any of the user groups allowed by the policy rule that is blocking the user's traffic.
• User login denied - not found locally – The user was not found in the local user database,
and Allow only users listed locally is selected on the SonicWALL security appliance.
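The two SSO Agent-specific messages above are the ones an administrator sees first when SSO identification is failing, and the log is the quickest way to tell a user-database gap from a policy gap. The following is an added example, not part of the guide or of SonicOS: it parses a handful of constructed event-log lines written in the key=value syslog style (the field names id, time, fw, usr, src and msg are assumptions for the example; only the two msg strings come from the page), counts the denial reasons per user, and maps each to the check the guide describes, flagging users who are denied repeatedly.

```python
import re
from collections import Counter, defaultdict

# The two SSO Agent-specific event messages listed in the guide.
DENIAL_NOT_LOCAL = "User login denied - not found locally"
DENIAL_POLICY = "User login denied - not allowed by policy rule"

# Constructed sample lines in a key=value syslog style. The field names
# (id, time, fw, usr, src, msg) are assumptions for this example, not taken
# from the guide; only the msg strings come from the page.
SAMPLE_LOG = """\
id=firewall time="2011-05-02 09:14:01" fw=10.0.0.1 usr="CORP\\jsmith" src=10.1.2.33 msg="User login denied - not found locally"
id=firewall time="2011-05-02 09:14:05" fw=10.0.0.1 usr="CORP\\jsmith" src=10.1.2.33 msg="User login denied - not found locally"
id=firewall time="2011-05-02 09:15:10" fw=10.0.0.1 usr="CORP\\mlee" src=10.1.2.40 msg="User login denied - not allowed by policy rule"
id=firewall time="2011-05-02 09:16:00" fw=10.0.0.1 usr="CORP\\jsmith" src=10.1.2.33 msg="User login denied - not found locally"
id=firewall time="2011-05-02 09:16:30" fw=10.0.0.1 usr="CORP\\akhan" src=10.1.2.51 msg="Connection opened"
"""

# key=value, where the value is either "quoted (may contain spaces)" or bare.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one key=value log line into a dict; quoted values are unquoted."""
    return {key: (quoted or bare) for key, quoted, bare in _KV.findall(line)}


def summarize_denials(log_text):
    """Return {user: Counter(reason -> count)} for SSO denial events only."""
    per_user = defaultdict(Counter)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        msg = event.get("msg", "")
        if msg in (DENIAL_NOT_LOCAL, DENIAL_POLICY):
            per_user[event.get("usr", "?")][msg] += 1
    return dict(per_user)


def triage(per_user, repeat_threshold=3):
    """Map each denial reason to the configuration check the guide describes.

    Returns a list of (user, count, "REPEATED"|"single", hint) tuples, sorted
    by user name so the output is stable.
    """
    findings = []
    for usr, reasons in sorted(per_user.items()):
        for msg, count in reasons.items():
            if msg == DENIAL_NOT_LOCAL:
                hint = ("user is not in the local user database while "
                        "'Allow only users listed locally' is enabled")
            else:
                hint = ("none of the user's groups is allowed by the policy "
                        "rule that blocks the traffic")
            tag = "REPEATED" if count >= repeat_threshold else "single"
            findings.append((usr, count, tag, hint))
    return findings


if __name__ == "__main__":
    for usr, count, tag, hint in triage(summarize_denials(SAMPLE_LOG)):
        print(f"{tag:8} {usr:14} x{count}: {hint}")
```

A repeated "not found locally" denial for one user is normally a deployment gap (the user was never added to the local database), whereas a "not allowed by policy rule" denial means identification worked and the access rule's allowed groups are what needs attention; the unrelated "Connection opened" line is ignored.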
Figure: SonicWALL SSO with SSO Agent. The SSO Agent is installed on any server with LAN
access*; the SonicWALL UTM appliance (shown as an E7500 Network Security Appliance) reaches it
on default port 2258, and the clients reach the Internet through the appliance.
Steps
1. A client logs into the network and attempts to access the Internet or other network resources.
2. The SSO module on the SonicWALL UTM appliance queries the SonicWALL SSO Agent (default
port 2258) for the client ID.
3. The SonicWALL SSO Agent forwards the request to the client and the client responds with its
client ID.
4. Client ID information is passed back from the SonicWALL SSO Agent to the SonicWALL UTM
appliance.
5. Based on the client ID, the SonicWALL UTM appliance checks with the LDAP server to determine
group membership and permissions.
Communication in steps 2, 3 and 4 (between the SSO Agent and the client / firewall) is encrypted
using a shared key which is generated by the SSO Agent.