Filter
Top Products
User Management
1081
SonicOS 5.8.1 Administrator Guide
To edit a service account name, select the name, click Edit, make the desired changes in the
Service User name dialog box, and then click OK.
To remove service account names, select one or more names and then click Remove.
Step 24 Click on the Enforcement tab if you want to either trigger SSO on traffic from a particular zone,
or bypass SSO for traffic from non-user devices such as internal proxy web servers or IP
phones.
Step 25 Under Per-Zone SSO Enforcement, select the checkboxes for any zones on which you want
to trigger SSO to identify users when traffic is sent. If SSO is already required on a zone by
Application Control or other policies, those checkboxes are pre-selected and cannot be
cleared. If Guest Services is enabled on a zone, SSO cannot be enforced and you cannot select
the checkbox.
These per-zone SSO enforcement settings are useful for identifying and tracking users
in event
logging and App Flow Monitor visualizations, even when SSO is not otherwise triggered by
content filtering, IPS, or Application Control policies, or by firewall access rules requiring user
authentication.
On zones where security services policies or firewall access rules are set to require user
authentication, SSO will always be initiated for the affected traffic and it is not necessary to also
enable SSO enforcement here.
Step 26 To bypass SSO for traffic from certain devices or locations and apply the default content filtering
policy to the traffic, select the appropriate address object or address group from the first
pulldown menu under SSO Bypass. To bypass SSO for certain services or types of traffic,
select the service from the second pulldown menu.
The first setting is used where traffic that would be subject to security services screening can
emanate from a device other than a user's workstation (such as an internal proxy Web server
or IP phone). It prevents the SonicWALL from attempting to identify such a device as a network
user in order to select the content filtering policy to apply. The default content filtering policy will
be used for all traffic from the selected IP addresses.