Introduction
39
SonicOS 5.8.1 Administrator Guide
increases the efficiency of your SonicWALL security appliance by providing you the ability
to configure user view settings and filter junk messages before users see it in their inboxes.
The following enhancements are now available with CASS 2.0:
–
The Email Security Junk Store application can now reside outside the Exchange Server
system. Unlike in version 1.0, Junk Store can now be installed on another remote
server.
–
Dynamic discovery of Junk Store user interface pages has been added. This feature
allows the Junk Store to inform SonicOS of a list of pages to display under Anti-Spam
in the SonicOS left hand navigation pane. For example, the pane might show Junk Box
View, Junk Box Settings, Junk Summary, User View Setup, and/or Address Books.
–
User-defined Allow and Deny Lists can now be configured with FQDN and Range
address objects in addition to Host objects.
–
A GRID IP Check tool has been added in the Anti-Spam > Status page. The SonicWALL
administrator can specify (on-demand) an IP address to check against the SonicWALL
GRID IP server. The result will either be LISTED or UNLISTED. Connections from a
LISTED host will be blocked by the SonicWALL security appliance running CASS
(unless overridden in the Allow List).
–
A parameter to specify the Probe Response Timeout is added in the Anti-Spam >
Settings page Advanced Options section. There are deployment scenarios where a
longer timeout is needed to prevent a target from frequently being marked as
Unavailable. The default value is 30 seconds.
• Enhanced Connection Limiting - Connection Limiting enhancements expand the original
Connection Limiting feature which provided global control of the number of connections for
each IP address. This enhancement is designed to increase the granularity of this kind of
control so that the SonicWALL administrator can configure connection limitation more
flexibly. Connection Limiting uses Firewall Access Rules and Policies to allow the
administrator to choose which IP address, which service, and which traffic direction when
configuring connection limiting.
• Dynamic WAN Schedule - SonicOS 5.8.0.0 supports scheduling to control when Dynamic
WAN clients can connect. A Dynamic WAN client connects to the WAN interface and
obtains an IP address with the PPPoE, L2TP, or PPTP. This enhancement allows the
administrator to bind a schedule object to Dynamic WAN clients so that they can connect
when the schedule allows it and they are disconnected at the end of the configured
schedule. In the SonicOS management interface, a Schedule option is available on the
WAN interface configuration screen when one of the above protocols is selected for IP
Assignment. Once a schedule is applied, a log event is recorded upon start and stop of the
schedule.
• NTLM Authentication with Mozilla Browsers - As an enhancement to Single Sign-On,
SonicOS can now use NTLM authentication to identify users who are browsing using
Mozilla-based browsers (including Internet Explorer, Firefox, Chrome and Safari). NTLM is
part of a browser authentication suite known as "Integrated Windows Security" and should
be supported by all Mozilla-based browsers. It allows a direct authentication request from
the SonicWALL appliance to the browser with no SSO agent involvement. NTLM
authentication works with browsers on Windows, Linux and Mac PCs, and provides a
mechanism to achieve Single Sign-On with Linux and Mac PCs that are not able to
interoperate with the SSO agent.
• SSL VPN NetExtender Update - This enhancement supports password change capability
for SSL VPN users, along with various fixes. When the password expires, the user is
prompted to change it when logging in via the NetExtender client or SSL VPN portal. It is
supported for both local users and remote users (RADIUS and LDAP).