Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Document Scope

This solutions document describes how to install, configure, and use the SonicWALL Terminal Services Agent (TSA) on a multi-user server, such as a Citrix Presentation Server or Microsoft Terminal Services server.

This document contains the following sections:
Feature Overview section on page 1
Using the SonicWALL TSA section on page 4
Installing the SonicWALL TSA section on page 4
Configuring the SonicWALL TSA section on page 6
Related Features section on page 10
Glossary section on page 10

Feature Overview

This section provides an introduction to the SonicWALL TSA. See the following subsections:
What is the SonicWALL TSA? section on page 1
Benefits section on page 2
How Does the SonicWALL TSA Work? section on page 2
Platforms section on page 4

What is the SonicWALL TSA?

The SonicWALL Terminal Services Agent (TSA) is a software component of the SonicWALL Directory Connector suite. The SonicWALL TSA is installed on a Citrix Presentation Server or Microsoft Terminal Services server and supplies user credentials to the SonicWALL Content Security Manager (CSM) security appliance.
Benefits

With the introduction of the SonicWALL TSA, SonicOS CF 2.6 on the SonicWALL CSM supports per-user policies on multi-user systems for the first time. This allows you to implement customized Internet access policies for each user in a thin-client environment containing a Citrix server or Microsoft Terminal Services server.

One of the key features of the SonicWALL CSM series appliance is its ability to apply per-user or per-group policies for all users whose Internet access traffic passes through it, while employing a Single Sign-On mechanism to reuse existing user credentials. To provide such fine controls, the SonicWALL CSM series appliance must be able to uniquely identify every user. Before the availability of the SonicWALL TSA, the CSM relied on the source IP address of an Internet request as the unique identifier. It was essential that the SonicWALL CSM series appliance be able to correlate a user to a unique IP address. However, in a thin-client environment, the server presents a single IP address for all of the virtual client sessions that it hosts. In previous releases, this prevented the effective use of the CSM appliance with Citrix or Terminal Services.

Now the SonicWALL TSA fills this gap by providing the user-specific information needed by the CSM for users whose source IP address is shared by all users on the Citrix or Microsoft server. The SonicWALL CSM uses the information from the TSA to query the SonicWALL ADConnector for the policies associated with the specific user. The SonicWALL TSA allows you to make full use of the content filtering capabilities of the SonicWALL CSM while benefiting from the convenience of Single Sign-On with Active Directory and the power of a thin-client environment.

How Does the SonicWALL TSA Work?

In a thin-client environment, the user logs onto the Citrix or Microsoft server from another computer. The Citrix or Microsoft server authenticates the user, in this case by contacting the Active Directory server.
The SonicWALL TSA runs as a Windows service on the Citrix or Microsoft server, and listens for new connections, or sockets, to the Internet. The TSA architecture consists of a driver and a Windows service. When a user's application on the Citrix or Microsoft server opens a socket, the TSA driver retrieves the user authentication credentials from the Citrix or Microsoft server. The TSA Windows service then notifies the CSM that this user has opened a new connection, and includes the user credentials in the notification.

The new connection can be made by a browser, an FTP session, or any other application that the SonicWALL CSM can filter. If the connection is made using a browser, the TSA sends the information upon the first Internet request, but does not need to resend it if the user points the browser to multiple Web sites. The same user credentials are valid until the browser terminates the session because of a timeout, or the browser is closed.

The SonicWALL CSM queries the SonicWALL ADConnector for the policies associated with the user, based on the user credentials passed by the TSA. The ADConnector communicates with Active Directory to obtain the policies, and then sends the policy information back to the CSM appliance. The CSM uses the policy information to determine what content to send to the user and what to block.

The SonicWALL CSM appliance uses encrypted communication with the SonicWALL TSA for notifications and with the SonicWALL ADConnector to synchronize policies.

Note: SonicWALL TSA is supported on Citrix servers that use the standard configuration for source IP addresses in Internet requests. That is, the Citrix server provides its own IP address as the source IP for requests from all Citrix users. SonicWALL TSA does not support policy enforcement for Citrix users who receive a virtual IP address from an IP address pool when starting a session.
Figure 1 SonicWALL TSA with Citrix Server, ADConnector, and SonicWALL CSM
[Figure: the components shown are PRO 5060 (Upstream Firewall), SonicWALL CSM, Client: user1, Citrix Server, SonicWALL ADConnector, and Active Directory Server, with arrows numbered 1 through 8 corresponding to the steps below.]

1 The client (user1) logs into the Citrix server.
2 The Citrix server requests and obtains user authentication from the Active Directory server.
3 The client launches a browser.
4 The client requests content from the Internet through the SonicWALL CSM. This opens a new connection.
5 The SonicWALL TSA sends credentials for user1 to the CSM.
6 The CSM queries the SonicWALL ADConnector for the policies associated with user1.
7 The ADConnector checks its cache for the policy information, and if the policy is not cached, queries the Active Directory server for it.
8 The ADConnector encrypts the policy information, and returns it to the CSM. The CSM applies the policy, allowing or denying the user's request accordingly.
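The flow in Figure 1 hinges on one design point: the CSM must key identity by connection rather than by source IP, because every Citrix session shares the server's address. The following toy model is an added example, not SonicWALL code or any real protocol; the class names, policy categories, user names and the 192.0.2.10 address are constructed. It contrasts the legacy IP-only lookup with a per-socket notification like the one the TSA sends in step 5, and includes the ADConnector-style policy cache of step 7.

```python
# Added example (not SonicWALL code): a toy model of why per-IP identification
# fails behind a terminal server and how a per-connection notification lets a
# content filter apply per-user policy. All names, policies and addresses are
# constructed for illustration.

from dataclasses import dataclass, field

# Constructed policy data standing in for what Active Directory would hold.
AD_POLICIES = {
    "user1": {"blocked": {"gambling"}},
    "user2": {"blocked": {"gambling", "social"}},
}


@dataclass
class ADConnector:
    """Resolves a user to a policy, caching results (Figure 1, step 7)."""
    cache: dict = field(default_factory=dict)
    directory_queries: int = 0

    def policy_for(self, user: str) -> dict:
        if user not in self.cache:
            self.directory_queries += 1          # simulated Active Directory lookup
            self.cache[user] = AD_POLICIES.get(user, {"blocked": set()})
        return self.cache[user]


@dataclass
class CSM:
    """Minimal content filter: decides each request using the identity it can find."""
    adc: ADConnector
    # Identity learned from TSA-style notifications, keyed by the connection's
    # (source IP, source port) rather than by source IP alone.
    connections: dict = field(default_factory=dict)
    ip_users: dict = field(default_factory=dict)   # legacy IP -> user mapping

    def tsa_notify(self, src_ip: str, src_port: int, user: str) -> None:
        """Step 5: the agent reports which user opened a new socket."""
        self.connections[(src_ip, src_port)] = user

    def decide(self, src_ip: str, src_port: int, category: str) -> str:
        user = self.connections.get((src_ip, src_port)) or self.ip_users.get(src_ip)
        if user is None:
            return "deny: unknown user"      # fail closed when identity is unknown
        policy = self.adc.policy_for(user)
        return "block" if category in policy["blocked"] else "allow"


def run_scenario() -> dict:
    """Two users on one Citrix server: same source IP, different sockets."""
    server_ip = "192.0.2.10"              # constructed documentation address
    adc = ADConnector()
    csm = CSM(adc)
    # Legacy IP-only identification: only one identity can exist for the IP,
    # so user2's request on port 50001 is evaluated as user1.
    csm.ip_users[server_ip] = "user1"
    legacy = csm.decide(server_ip, 50001, "social")
    # Per-connection identification: each socket carries its own user.
    csm.tsa_notify(server_ip, 50001, "user1")
    csm.tsa_notify(server_ip, 50002, "user2")
    return {
        "legacy_user2_social": legacy,          # wrongly allowed under user1's policy
        "user1_social": csm.decide(server_ip, 50001, "social"),
        "user2_social": csm.decide(server_ip, 50002, "social"),
        "user2_gambling": csm.decide(server_ip, 50002, "gambling"),
        "directory_queries": adc.directory_queries,  # repeat lookups served from cache
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The model deliberately fails closed when no identity is known for a connection; whether the real appliance does so is not stated in this document, so treat that line as the example's own choice rather than a description of the CSM.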
Platforms

SonicWALL Terminal Services Agent (TSA) is available as part of SonicWALL Directory Connector version 2.0.27. SonicWALL Directory Connector version 2.0.27 software is available for use with the following SonicWALL Content Security Manager (CSM) platforms:
SonicWALL CSM 3200 security appliance running SonicOS CF 2.6
SonicWALL CSM 2200 security appliance running SonicOS CF 2.6

The SonicWALL TSA is supported for installation on the following operating systems:
Microsoft Windows 2003 Server
Microsoft Windows XP Professional

The SonicWALL TSA supports the following terminal services applications:
Citrix Presentation Server 4.0
Microsoft Windows Terminal Services

Using the SonicWALL TSA

The SonicWALL TSA is completely automatic once it is installed and configured. You do not need to start or stop it manually.

In order for the SonicWALL TSA to function properly, you need an existing Active Directory environment with a fully integrated Citrix server or Microsoft Terminal Services server. You must have SonicWALL ADConnector installed and configured on a computer within the Active Directory domain. For information about installing and configuring SonicWALL ADConnector, see the SonicOS CF 2.6 Administrator's Guide.

Installing the SonicWALL TSA

You can install the SonicWALL TSA on a Microsoft Terminal Services server or on a Citrix server that is providing multi-user terminal services, and that is part of the Active Directory domain. See the following sections:
To Download the SonicWALL TSA on page 4
To Install the SonicWALL TSA on page 5

To Download the SonicWALL TSA

To download the SonicWALL TSA software from the MySonicWALL Web site, perform the following steps:

Step 1 In your browser, navigate to the following URL: http://www.mysonicwall.com
Step 2 Log in to MySonicWALL using your account, or create a new account to log in with, and add your CSM to this account.
Step 3 In the left pane, under Downloads, click Download Center.
Step 4 In the right pane, under Download Center, for the Type field, select a Content Security Manager 2200 or 3200 from the drop-down list.
Step 5 In the table under Available Software, click SonicWALL TSA.
Step 6 In the File Download dialog box, click Open. Alternatively, you can click Save and then open the downloaded file from its saved location.
Step 7 In the WinZip dialog box, extract tsa_setup.exe.

To Install the SonicWALL TSA

To install the SonicWALL TSA software onto your Citrix or Terminal Services server, perform the following steps:

Step 1 Download the installation program. See To Download the SonicWALL TSA on page 4.
Step 2 Double-click tsa_setup.exe. The installation program will launch.
Step 3 In the InstallShield Wizard Welcome screen, click Next.

Figure 2 TSA - InstallShield Wizard Welcome Screen

Step 4 In the Destination Folder screen, do one of the following:
To specify a different installation folder, click Browse, select the location, and then click Next.
To accept the default directory, click Next.
Step 5 In the Ready to Install the Program screen, click Next.
Step 6 After the installation completes, in the InstallShield Wizard Completed screen, click Finish to exit from the installation wizard.
Step 7 When prompted to restart your system, click OK.
Step 8 After the system restarts, you are ready to configure the SonicWALL TSA to communicate with your SonicWALL CSM Series appliance.
Configuring the SonicWALL TSA

After installing the SonicWALL TSA, you must configure it so that it can communicate with the SonicWALL CSM. See the following sections:
Configuring the SonicWALL TSA to Communicate with the CSM on page 6
Configuring the SonicWALL CSM to Communicate with the TSA on page 7

Configuring the SonicWALL TSA to Communicate with the CSM

This section describes how to configure SonicWALL TSA to communicate with your SonicWALL CSM Series appliance.

Step 1 To launch the configuration tool, click Start > Control Panel and then double-click the SonicWALL TSA icon. Note that the SonicWALL TSA must be launched from the Control Panel. It is not listed in the Programs list.

Figure 3 TSA - Starting From the Control Panel

Step 2 The TSA Configuration Parameters dialog box displays.
Figure 4 TSA Configuration Parameters

Step 3 Enter the following information:
Type the IP address of the SonicWALL CSM appliance into the IP text box.
Type the port number that the SonicWALL TSA will use to communicate with the CSM into the Port text box.
Type a 16 character alphanumeric key into the DES Key text box. This is the shared secret between the SonicWALL TSA and the CSM appliance. It is used to ensure secure communications.
Click OK.

Configuring the SonicWALL CSM to Communicate with the TSA

After you have installed and configured the SonicWALL TSA on your Citrix or Microsoft server, perform the following steps in the SonicWALL CSM management interface.

Step 1 In the SonicWALL CSM management interface, navigate to the Users and Hosts > Settings page.

Figure 5 CSM - Users and Hosts > Settings Page

Step 2 Select the Use Directory Services Connector radio button, and click the corresponding Configure button.
Step 3 The Directory Services Connector Configuration dialog box displays.
Figure 6 CSM - Directory Services Connector Configuration

Enter the following information:
In the IP Address text box, type the IP address of the system where the SonicWALL ADConnector is installed.
In the Port Number text box, type the port number that the SonicWALL ADConnector will use to communicate with the SonicWALL CSM appliance.
Note: The port number on the DSC tab is the port number of the domain computer that is running ADConnector. The TSA port number is configured on the TSA tab. You should use different port numbers for ADConnector and TSA.
In the Shared Secret text box, type the same DES Key that you configured for the SonicWALL TSA. This is the shared secret between the SonicWALL TSA and the CSM appliance. It is used to ensure secure communications. This shared secret is used by both the ADConnector and TSA components of SonicWALL Directory Connector.
Step 4 Click OK.
Step 5 Click the TSA tab.
Figure 7 CSM - TSA Configuration

Step 6 In the Port Number text box, type the port number that the SonicWALL TSA will use for communication with the SonicWALL CSM appliance.
Step 7 Click OK.
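Before relying on the values typed into the TSA Configuration Parameters dialog and the Directory Services Connector Configuration dialog above, it is worth checking them against the rules the document states: a DES Key of exactly 16 alphanumeric characters, an ADConnector port that differs from the TSA port, a CSM address that is a valid IP, and a CSM that is actually reachable on the TSA port from the Citrix or Terminal Services server. The script below is an added example, not part of the SonicWALL product; the function names are its own, and the sample address 192.0.2.1, the ports 3001/3002 and the key are constructed placeholders, not product defaults.

```python
# Added example (not SonicWALL code): a pre-flight check for the values entered
# in the TSA and CSM configuration dialogs. Function names and sample values are
# constructed; only the rules (16-character alphanumeric DES Key, distinct
# ADConnector and TSA ports, a valid CSM address) come from the document.

import ipaddress
import socket


def validate_des_key(key: str) -> list:
    """The DES Key must be exactly 16 ASCII letters or digits."""
    problems = []
    if len(key) != 16:
        problems.append(f"DES Key length is {len(key)}, expected 16")
    if not all(c.isascii() and c.isalnum() for c in key):
        problems.append("DES Key must contain only letters and digits")
    return problems


def validate_ports(tsa_port: int, adc_port: int) -> list:
    """TSA and ADConnector ports must be valid TCP ports and differ from each other."""
    problems = []
    for name, port in (("TSA", tsa_port), ("ADConnector", adc_port)):
        if not 1 <= port <= 65535:
            problems.append(f"{name} port {port} is outside 1-65535")
    if tsa_port == adc_port:
        problems.append("TSA and ADConnector ports must differ")
    return problems


def validate_csm_address(ip: str) -> list:
    """The CSM must be entered as an IP address, not a host name."""
    try:
        ipaddress.ip_address(ip)
        return []
    except ValueError:
        return [f"CSM address {ip!r} is not a valid IP address"]


def check_tsa_settings(csm_ip: str, tsa_port: int, adc_port: int, des_key: str) -> list:
    """Collect every problem found; an empty list means the values are consistent."""
    return (validate_csm_address(csm_ip)
            + validate_ports(tsa_port, adc_port)
            + validate_des_key(des_key))


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within the timeout.

    Run from the Citrix or Terminal Services server, this shows whether the CSM
    is reachable on the TSA port before any notification is attempted.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample values; replace with the ones entered in the dialogs.
    csm_ip, tsa_port, adc_port = "192.0.2.1", 3001, 3002
    problems = check_tsa_settings(csm_ip, tsa_port, adc_port, "Ab3dEf6hIj9kLm2n")
    print("settings OK" if not problems else "\n".join(problems))
    print("CSM reachable on TSA port:", probe_tcp(csm_ip, tsa_port))
```

A successful TCP probe only proves that something accepts connections on that port; it does not prove the CSM has the matching shared secret, which the appliance checks when the first notification arrives.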
Related Features

SonicWALL ADConnector - Use SonicWALL ADConnector to assign policies defined on the SonicWALL CSM appliance to Active Directory users, groups, computers, and organizational units. The CSM queries ADConnector for the policies associated with the users whose credentials are provided by the SonicWALL TSA. For information about the SonicWALL ADConnector, see the SonicOS CF 2.6 Administrator's Guide.

Glossary

Active Directory - A centralized directory service system produced by Microsoft that automates network management of user data, security, and resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments.

ADConnector - An application that provides an interface between the content filtering appliance and Active Directory for user identification and policy determination and application. The SonicWALL ADConnector agent specifies the domain on which it has been installed and provides the ability to apply appliance policies to Active Directory users and groups. When a user makes a request through the SonicWALL CSM appliance, it passes user attributes to the ADConnector, which then identifies the user within the Active Directory environment and returns applicable policies to the appliance. The CSM appliance then determines whether the content requested is permitted by the policy and either allows or denies the traffic.

Application Filtering - A signature-based deep packet inspection mechanism for controlling peer-to-peer (P2P), Instant Messenger (IM), and multimedia application usage.

Authentication - A method that examines packets entering a filtering device to determine whether they can be forwarded, based on policy criteria that include source address, source port number, and other source information.
Citrix Presentation Server - A remote access product built on the Independent Computing Architecture (ICA), Citrix Systems' thin client protocol. Multiple clients can log in to the Citrix server to access applications and data, and to connect to the Internet.

Content Filtering - A method of screening Web pages and email messages to exclude specified users from access to them, using special filtering policies. The policies use a variety of exclusion criteria, including character string matching or source IP address matching. Additionally, the policies contain priority levels that indicate levels of sensitivity of the content.

Directory Connector - SonicWALL Directory Connector allows the SonicWALL Content Security Manager (CSM) appliance to achieve transparent, automated Single Sign-On (SSO) integration with Citrix, Windows Terminal Services, Active Directory, and Novell eDirectory. Directory Connector includes three installable agents:
SonicWALL Terminal Services Agent (TSA)
SonicWALL ADConnector (ADC)
SonicWALL NDConnector (NDC)

CSM Series Appliance - The Content Security Manager is an appliance-based Internet content and application filtering solution that enhances security and employee productivity, optimizes network bandwidth, and mitigates legal liabilities. The Content Security Manager integrates into virtually any network topography to provide powerful, scalable, cost-effective Internet content filtering. It is easy to implement, requiring no change to your network clients. The Content Security Manager filters all HTTP and HTTPS traffic on any port, regardless of whether the network clients use external proxy servers.
Directory Service - A vessel for information about network-based entities, such as applications, files, printers, and people. Directory services are important because they provide a consistent way to name, describe, locate, access, manage, and secure information about these resources. They also provide a single point of access to these entities for system administration, and they enable interoperability and centralized management by provisioning standards-based interfaces. Active Directory and Novell eDirectory are examples of directory services.

Policy - Also called category sets; a grouping of predefined categories to make handling of multiple categories easier. Policies can be assigned directly to users. There are 13 default policies. You can find these in the SonicOS CF management interface, on the Web Filters > Category Sets page.

Single Sign On - A mechanism that permits a user to enter one name and password in a single session in order to access multiple applications. These applications must already have access rights to the server on which the user enters login and password strings.

Terminal Services - Microsoft Terminal Services or Terminal Server Edition (TSE) is a component of Microsoft Windows operating systems (both client and server versions) that allows a user to access applications or data stored on a remote computer over a network connection. A Terminal Services server allows multiple clients to log in in order to access applications and data, and to connect to the Internet.

Terminal Services Agent (TSA) - The SonicWALL Terminal Services Agent (TSA) is an installable agent for multi-user Citrix and Windows Terminal Services servers. When multiple users are logged onto either of these thin-client servers, the SonicWALL TSA provides user-specific information to the SonicWALL CSM appliance so that the CSM can manage each transaction or request according to per-user policies.
Solution Document Version History

Version Number   Date        Notes
1                2/20/2007   This document was created.
2                2/21/2007   Feedback incorporated.