SonicWALL 5.8.1 Microscope & Magnifier User Manual


User Management
SonicOS 5.8.1 Administrator Guide
Multiple TSA Support
To accommodate large installations with thousands of users, SonicWALL network security
appliances are configurable for operation with multiple terminal services agents (one per
terminal server). The number of agents supported depends on the model, as shown in Table 3.
Table 3 Multiple TSA Support per Model
For all SonicWALL network security appliance models, a maximum of 32 IP addresses is
supported per terminal server.
Encryption of TSA Messages and Use of Session IDs
SonicWALL TSA uses a shared key for encryption of messages between the TSA and the
SonicWALL appliance when the user name and domain are contained in the message. The first
open notification for a user is always encrypted, because the TSA includes the user name and
domain.
Note: The shared key is created in the TSA, and the key entered in the SonicWALL appliance
during SSO configuration must match the TSA key exactly.
The messages between the appliance and the TS agent (and also the SSO agent) are encrypted
with triple-DES. DES uses a numeric key that can be represented by a hexadecimal string.
Each octet of the key requires two hex digits to represent its value, so the key must be
an even number of hex digits.
Using a hexadecimal key contributes to the encryption strength. For example, if a pass-phrase
were used instead and converted to a numeric key, the end result would be no different from
using the numeric key directly, and the pass-phrase would be more guessable than the hex
representation of the key.
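The key format rules above can be checked before a key is entered on the appliance. The following Python sketch is an added example, not SonicWALL code: the function names and the 16-octet default length are assumptions, because this guide does not state the key length the TSA expects.

```python
import hmac
import secrets
import string

HEX_DIGITS = set(string.hexdigits)  # 0-9, a-f, A-F


def generate_shared_key(octets=16):
    """Return a random key as hex text (two hex digits per octet).

    The 16-octet default is an assumption; the guide gives no length.
    """
    return secrets.token_hex(octets)


def check_shared_key(text):
    """Return a list of problems with a hex key string (empty list = OK)."""
    if not text:
        return ["key is empty"]
    problems = []
    bad = sorted({c for c in text if c not in HEX_DIGITS})
    if bad:
        # Catches pass-phrases, spaces and separators typed into the key field.
        problems.append("non-hex characters: " + "".join(bad))
    if len(text) % 2:
        problems.append("odd number of hex digits; each octet needs two")
    if not problems:
        key = bytes.fromhex(text)
        if len(set(key)) == 1:
            # e.g. "0000..." or "aaaa...": valid hex, but trivially guessable.
            problems.append("every octet is identical; key is guessable")
    return problems


def keys_match(tsa_key, appliance_key):
    """Exact, case-sensitive comparison of the two configured key strings."""
    return hmac.compare_digest(tsa_key.encode(), appliance_key.encode())
```

Run check_shared_key on the string copied from the TSA, then keys_match against the string entered during SSO configuration, so a mistyped or truncated key is caught before the agent and appliance fail to decrypt each other's messages.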
Also note that the information that we are “protecting” here is actually not very sensitive. It
is simply a mapping between user names and TCP/UDP connections (TSA) or user names and
IP addresses (SSO). No sensitive data such as passwords is transferred.
The TSA includes a user session ID in all notifications rather than including the user name and
domain every time. This is efficient, secure, and allows the TSA to re-synchronize with Terminal
Services users after the agent restarts.
SonicWALL Appliance Model    TS Agents Supported
NSA E7500/E8500              256
NSA E6500                    128
NSA E5500                    64
NSA 5000                     32
NSA 4500                     16
NSA 3500                     16
NSA 2400                     8
NSA 240                      4
TZ 210 Series                4
TZ 200 Series                Not supported
TZ 100 Series                Not supported