Secure Remote Access (SRA)
Two-factor Authentication with Quest Defender
SonicOS TechNote

Contents
Introduction... 1
System Requirements... 1
Defender Configuration... 2
Dell SonicWALL SRA Configuration... 18
Two-factor Authentication Examples... 22
Troubleshooting... 28

Introduction

This guide is intended for administrators responsible for setting up the Dell SonicWALL SRA solution on supported appliances so that it authenticates users against Quest Defender over RADIUS using two-factor authentication. It also covers authentication for client and clientless configurations.

This guide does not provide tutorial information on the use of the Windows operating system or on network communication concepts. Users must have experience with the specified operating system and an understanding of networking concepts. It is assumed that you have read the Defender and Dell SonicWALL SRA documentation before using this guide.

System Requirements

The setup and configuration described in this TechNote was conducted using Dell Quest Defender 5.7 and Dell SonicWALL SRA 7.0.0.2. Dell SonicWALL SRA 7.0.0.2 is supported on the following Dell SonicWALL SRA appliances:
- Dell SonicWALL SRA 4600
- Dell SonicWALL SRA 1600
- Dell SonicWALL SRA Virtual Appliance

Defender Configuration

This section provides procedures for the following configuration tasks:
- Creating a Defender Security Policy
- Creating a Defender Access Node
- Configuring a Defender Security Server

Prerequisites

This guide requires that the following are available and configured on your network:
- Defender Security Server (v5.7 was used for this TechNote)
- Defender Administration Console

For further detailed information on these topics, please refer to:
- Product documentation and knowledgebase: http://www.quest.com/defender/
- Defender Configuration Guide
- Defender Installation Guide

This section describes how to create a Defender Security Policy, a Defender Access Node, and the Defender Security Server configuration.

Creating a Defender Security Policy

To create a new Defender Security Policy, click the Defender OU and then right-click Policies.
1. From the menu, select New.
2. Select Defender Policy from the list.
3. The New Object - Defender Policy (name and description) dialog box is displayed.
4. In the Name field, type a name for this policy.
5. In the Description field, type a description for this policy.
6. Click Next to continue. The New Object - Defender Policy (authentication method) dialog box is displayed.
7. In the Method field, click the arrow and select an authentication method from the list. The authentication method determines the credentials that the user must enter when attempting to authenticate. In this configuration, Active Directory Password was chosen, which requires the user to enter a valid Active Directory password.
8. Click Next to continue. The New Object - Defender Policy (second authentication method) dialog box is displayed.
9. In the Method field, click the arrow and select an authentication method from the list. This is the second authentication method that the user must supply when he or she attempts to authenticate. In this configuration, Token was chosen, so the user must use a challenge/response or response-only token.
10. Click Next. The New Object - Defender Policy (account lockout) dialog box is displayed.
For our example configuration, we have accepted the default account lockout policy:
- Select the Enable Account Lockout checkbox and set the Lockout after field to lock out the user's account when the number of unsuccessful logon attempts exceeds 5.
- Select the Locked accounts must be unlocked by an administrator checkbox to specify that a locked account can only be unlocked by an administrator.
- Select the Automatically reset account after successful login checkbox to reset the count of unsuccessful logon attempts to zero when the user performs a successful logon.
11. Click Next to continue. The New Object - Defender Policy (password and PIN expiry) dialog box is displayed.
12. Click Next to use the default settings.
13. The New Object - Defender Policy (summary) dialog box is displayed.
14. Click Finish to save your settings.

Confirming the Defender Security Policy Settings

To confirm the Defender Security Policy settings, perform the following steps:
1. Select the Defender OU.
2. Select Policies.
3. Right-click the required policy, in this example the Two-factor Policy.
4. Select Properties from the menu.
5. The <policy name> Properties - Policy dialog box is displayed.
6. On the Policy tab, under Security Policy Management, confirm that the following Authentication methods are selected: Use Active Directory Password Followed By Token.
7. Click OK to save your settings and close the Policy dialog box.
Creating a Defender Access Node

This section describes how to create and configure an Access Node.
1. Open Active Directory Users and Computers.
2. Click the Defender OU and then right-click Access Nodes.
3. From the menu, select New.
4. From the submenu, select Defender Access Node.
5. The New Object - Defender Access Node dialog box is displayed.
6. In the Name field, type a name for this Access Node.
7. In the Description field, type a description for this Access Node.
8. Click Next to continue. The New Object - Defender Access Node (node type) dialog box is displayed.
9. In the Node Type field, click the arrow and select the required node type from the list. The access node is the point in your network where you need to challenge the user to verify their identity. For our example configuration this must be set to Radius Agent.
10. In the User ID field, click the arrow and select the required user ID type from the list. This is the user ID that will be used to locate the user in Active Directory. For our configuration we have set SAM Account Name.
11. Click Next to continue. The New Object - Defender Access Node (connection details) dialog box is displayed.
12. In the IP Address or DNS Name field, enter the IP address of the Dell SonicWALL SMB SRA VPN Server. In this example configuration the address is 192.168.1.145.
13. In the Port field, type the RADIUS port number that will be used with this connection. RADIUS is carried over UDP; this example configuration uses port 1812.
14. In the Shared Secret field, type the shared secret. This must match the Shared Secret configured on the Dell SonicWALL SRA authentication server.
15. Click Next to continue. The New Object - Defender Access Node (summary) dialog box is displayed.
16. This dialog box displays a summary of your settings for this Access Node. Click Finish to save your settings.
Changing Access Node Settings

To change the Access Node configuration, perform the following steps:
1. In the Users and Computers tree, select the Defender OU and then Access Nodes.
2. Right-click the required Access Node.
3. From the menu, select Properties. The Access Node dialog box is displayed.
4. Select the Members tab. The <node name> Properties - Members dialog box is displayed.
5. Click Add and assign the users or groups who are allowed access through this Access Node.
6. Next, select the Policy tab.
7. Click Select.
8. Select the required policy in the list, for example AD password followed by Token.
9. Click OK to save your settings and return to the Policy dialog box.
10. The selected policy is displayed in the Policy field.
11. Click OK to save your settings.

Configuring a Defender Security Server

This section describes how to create a Defender Security Server object and then configure a Defender Security Server using the object:
- Creating a Defender Security Server Object
- Creating a Defender Security Server

Creating a Defender Security Server Object

To create a new Defender Security Server object, perform the following steps:
1. Click the Defender OU, then right-click Security Servers.
2. From the menu, select New.
3. Select Defender Security Server from the list.
4. The New Object - Defender Security Server (name and description) dialog box is displayed.
5. In the Name field, type the name for this Defender Security Server.
6. In the IP Address field, type the IP address of the server hosting the Defender Security Server.
7. In the Description field, type a description for this Defender Security Server. Ensure that the IP address matches the IP address you will configure as the Primary RADIUS Server for the Dell SonicWALL SRA authentication server. In this example, the Defender Security Server and Domain Controller are on the same server, but this might not be the case in all environments.
8. Click Next to continue. The New Object - Defender Security Server (prompts) dialog box is displayed.
9. Click Next to continue. The New Object - Defender Security Server (summary) dialog box is displayed.
10. Click Finish to save your settings.
Creating a Defender Security Server

To configure a Defender Security Server using the object you just created, perform the following steps:
1. Select the Defender OU from the Active Directory tree.
2. Select Security Servers.
3. Right-click the required Defender Security Server object.
4. Select Properties from the menu.
5. The <security server name> Properties - Security Server dialog box is displayed.
6. Click Assign and select the required Access Node. In this example we use the Dell SonicWALL SRA SMB SSL-VPN Access Node configured previously.
Dell SonicWALL SRA Configuration

This section provides procedures for configuring the Dell SonicWALL SRA appliance to work with Defender:
- Defining a Defender Domain
- Enabling NetExtender / Mobile Connect Client Connections
- Configuring the NetExtender Client Settings

Prerequisites

It is recommended that the Dell SonicWALL SRA appliance has the following resources available:
- Public network:
  - Dell SonicWALL SRA appliance is accessible to client workstations
  - Configured for NetExtender/Mobile Connect SSL VPN access
  - Configured for portal access
- Private network:
  - Dell SonicWALL SRA appliance is installed in your environment
  - Accessible to your Defender Security Server

For further detailed information on Dell SonicWALL SRA installation and configuration, please refer to the following:
- Product documentation and knowledgebase
- Dell SonicWALL SRA 7.0 Administrator's Guide
- Dell SonicWALL SRA 7.0 Release Notes

Defining a Defender Domain

1. Log in to the Dell SonicWALL SRA management interface (GUI).
2. Navigate to the Portals > Domains page.
3. Click Add Domain.
4. In the Authentication type drop-down list, select Radius.
5. In the Domain name field, enter a domain name for your new authentication domain.
6. In the Radius server address field, type the IP address of the Defender Radius server.
7. In the Secret password field, type the Shared Secret. This must match the Shared Secret configured on your Defender Access Node (see Creating a Defender Access Node).
8. In the Portal name field, select the Portal or Portals that will use the new authentication domain.
9. Click Accept at the top of the page.
Enabling NetExtender / Mobile Connect Client Connections

Associating the portal with your new Defender authentication domain allows clients to connect to the portal using NetExtender and Mobile Connect. To enable NetExtender and Mobile Connect connections to the portal:
1. In the Dell SonicWALL SRA management interface, navigate to the Portals > Portals page.
2. Click the Configure button for your portal.
3. On the Home Page tab in the Edit window, select the Allow NetExtender/Mobile Connect connections to this portal checkbox.
4. Click Accept at the top of the page.

Configuring the NetExtender Client Settings

Use this procedure to configure an appropriate IP address range for NetExtender/Mobile Connect clients.
1. In the Dell SonicWALL SRA management interface, navigate to the NetExtender > Client Settings page.
2. In the Client Address Range Begin field, type the first IP address in the range.
3. In the Client Address Range End field, type the last IP address in the range.
4. Configure any additional client settings that are desired and then click Accept.
5. Navigate to the NetExtender > Client Routes page.
6. Click the Add Client Route button.
7. In the Destination Network field, type the network IP address of a private network that clients can access.
8. In the SubNet Mask field, type the network mask for the private network. Our example uses 255.255.255.0.
9. Click Accept. To add another client route, click the Add Client Route button again and repeat these steps.

Two-factor Authentication Examples

With both the Dell SonicWALL SRA appliance and Defender configured, the following sections walk through the client logon and authentication process:
- Two-factor Authentication for Windows
- Two-factor Authentication for Apple iOS using Dell SonicWALL Mobile Connect
- Two-factor Authentication for Google Android using Dell SonicWALL Mobile Connect

Two-factor Authentication for Windows

The following screens demonstrate a Windows client using a browser to access the Defender Portal.
1. Launch your web browser and navigate to the Dell SonicWALL SRA appliance public interface. In our example, point your browser to https://smb-sra-dns-name-or-public-ip
2. Enter your domain credentials and click Login.
3. Defender verifies the account details and password and then prompts for the appropriate Token Response. Type in the token and click OK.

Two-factor Authentication for Apple iOS using Dell SonicWALL Mobile Connect

Dell SonicWALL Mobile Connect is an SSL-VPN client that supports secure remote access connections for Apple iOS and Google Android devices. Documentation for Mobile Connect for Apple iOS 2.0 can be downloaded here. The following screens demonstrate an iPad user using the iOS version of Mobile Connect to gain secure access to protected resources.
1. Launch Mobile Connect on the iPad and create a new connection by naming the connection and providing a DNS name or IP address for the Dell SonicWALL SRA appliance. Mobile Connect verifies that the server is accessible.
2. Tap Save.
3. Select the connection you just created from the list of connections and tap Connect.
4. Enter your domain credentials and tap Login. Defender verifies the account details and password and then prompts for the appropriate Token Response.
5. When prompted, enter your token and tap Login to complete the authentication process.
Two-factor Authentication for Google Android using Dell SonicWALL Mobile Connect

Dell SonicWALL Mobile Connect is an SSL-VPN client that supports secure remote access connections for Apple iOS and Google Android devices. Documentation for Mobile Connect for Google Android 2.0 can be downloaded here. The following screens demonstrate an Android user using the Android version of Mobile Connect to gain secure access to protected resources.
1. Launch Mobile Connect on the Android device and create a new connection by naming the connection and providing a DNS name or IP address for the Dell SonicWALL SRA appliance. Mobile Connect verifies that the server is accessible.
2. Tap Save.
3. Select the new connection from the list of connections and tap Connect.
4. Type in your password and tap OK.
5. When prompted, enter your token and tap OK to complete the authentication process.
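In each of the examples above the user sees two prompts: the domain password is accepted, then Defender asks for a token response. Between the SRA appliance and the Defender Security Server that is a RADIUS exchange, and the shared secret entered on the Access Node (step 14 of Creating a Defender Access Node) and in the SRA domain (step 7 of Defining a Defender Domain) is what ties the two sides together. The following is an added example, not code from this TechNote, Dell or Quest: it simulates both sides in one process, with the two-step flow modelled as an Access-Request answered by an Access-Challenge carrying a State attribute, followed by a second Access-Request with the token. That Defender behaves exactly this way, and its prompt text, are assumptions; the user name, password, token response and secret are constructed sample values; the NAS address 192.168.1.145 is the SRA address from the Access Node example. Packet layout, User-Password hiding and the Response Authenticator follow RFC 2865.

```python
# Added example, not the TechNote's own code: an SRA-like RADIUS client and a Defender-like server
# applying "Active Directory Password Followed By Token". Defender's real prompts, State handling and
# token checks are assumed; packet layout, User-Password hiding and Response Authenticator: RFC 2865.
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, REPLY_MESSAGE, STATE = 1, 2, 4, 18, 24

def encode_attrs(attrs):
    """Serialise [(type, value_bytes), ...] as Type/Length/Value triples."""
    if any(len(v) > 253 for _, v in attrs):
        raise ValueError("attribute value too long")
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def decode_attrs(data):
    """Parse TLV triples back into a list, rejecting truncated or undersized attributes."""
    attrs, i = [], 0
    while i < len(data):
        n = data[i + 1] if i + 1 < len(data) else 0
        if n < 2 or i + n > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[i], data[i + 2:i + n]))
        i += n
    return attrs

def pack(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)  # Code, Identifier, Length, 16-byte Authenticator, attributes
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def unpack(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length != len(pkt):
        raise ValueError("bad packet length")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:])

def user_password(data, secret, request_auth, hide):
    """RFC 2865 5.2: XOR 16-byte chunks with MD5(secret + previous ciphertext block). hide=True
    pads and hides; hide=False reveals, yielding garbage (not an error) if the secret differs."""
    if hide:
        data += b"\x00" * (-len(data) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        block = bytes(a ^ b for a, b in zip(chunk, hashlib.md5(secret + prev).digest()))
        out, prev = out + block, (block if hide else chunk)
    return out if hide else out.rstrip(b"\x00")

def reply(code, ident, request_auth, attrs, secret):
    """Server reply: Response Authenticator = MD5(header + request authenticator + attrs + secret)."""
    unsigned = pack(code, ident, request_auth, attrs)  # request auth sits where the response auth goes
    return unsigned[:4] + hashlib.md5(unsigned + secret).digest() + unsigned[20:]

def verify_reply(pkt, request_auth, secret):
    """Client-side check that the reply came from a server holding the same shared secret."""
    code, ident, auth, attrs = unpack(pkt)
    return auth == reply(code, ident, request_auth, attrs, secret)[4:20]

class TwoStepServer:  # constructed stand-in for the Defender Security Server, not its real logic
    def __init__(self, secret, users):
        self.secret, self.users = secret, users  # users: {name: (ad_password, token_response)}
        self.pending = {}                        # State value -> user awaiting a token

    def handle(self, pkt):
        code, ident, req_auth, attrs = unpack(pkt)
        a = dict(attrs)
        reject = lambda: reply(ACCESS_REJECT, ident, req_auth, [], self.secret)
        user = a.get(USER_NAME, b"").decode("utf-8", "replace")
        entered = user_password(a.get(USER_PASSWORD, b""), self.secret, req_auth, False)
        if STATE not in a:  # first factor: the Active Directory password
            if user not in self.users or entered != self.users[user][0].encode():
                return reject()
            state = os.urandom(8)
            self.pending[state] = user
            return reply(ACCESS_CHALLENGE, ident, req_auth,
                         [(STATE, state), (REPLY_MESSAGE, b"Enter token response")], self.secret)
        # second factor: the token response, tied to the earlier challenge by State
        if self.pending.pop(a[STATE], None) != user or entered != self.users[user][1].encode():
            return reject()
        return reply(ACCESS_ACCEPT, ident, req_auth, [], self.secret)

def authenticate(server, user, password, token, secret, nas_ip="192.168.1.145"):
    """Play the SRA side; returns 'accept', 'reject' or 'secret-mismatch'."""
    state, ident = None, 1
    for factor in (password, token):
        req_auth = os.urandom(16)  # fresh Request Authenticator for every request
        attrs = [(USER_NAME, user.encode()), (NAS_IP_ADDRESS, bytes(map(int, nas_ip.split(".")))),
                 (USER_PASSWORD, user_password(factor.encode(), secret, req_auth, True))]
        if state is not None:
            attrs.append((STATE, state))
        resp = server.handle(pack(ACCESS_REQUEST, ident, req_auth, attrs))
        if not verify_reply(resp, req_auth, secret):
            return "secret-mismatch"  # the two sides do not hold the same shared secret
        code, _, _, rattrs = unpack(resp)
        if code != ACCESS_CHALLENGE:
            return "accept" if code == ACCESS_ACCEPT else "reject"
        state, ident = dict(rattrs)[STATE], ident + 1
    return "reject"  # challenged again after the token: nothing more to offer
```

Calling authenticate(TwoStepServer(b"s3cr3t", {"jdoe": ("Summer2014!", "482913")}), "jdoe", "Summer2014!", "482913", b"s3cr3t") walks through both factors and returns "accept". Passing a different secret to the client returns "secret-mismatch": the server cannot recover the hidden password and rejects the first factor, and the client in turn cannot verify the Response Authenticator. In this simulation, then, a mismatched secret still produces a (rejected) request on the server, which is the distinction the Troubleshooting section draws when it says an empty Defender log means the SRA is not sending RADIUS requests at all.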
Troubleshooting

If you are experiencing problems with the configuration, the following diagnostics may help provide a quick resolution.
- Check the Defender Security Server logs, which can be accessed through the Defender Management Portal (by default, this web-based portal can be accessed on the Defender Security Server at http://localhost). Alternatively, the log files are found in: C:\Program Files (x86)\Quest Software\Defender\DSS Active Directory Edition\Logs
- Search the Quest Knowledge portal for common answers: https://support.quest.com/searchknowledgebase.aspx
- Raise a service request via the Quest portal using: https://support.quest.com/casemanagement/manageservicerequest.aspx
- If the Defender log does not contain any information, then the Dell SonicWALL SRA is not sending the RADIUS request to Defender. Check the Dell SonicWALL SRA logs on the Log > View page.
- Search the Dell SonicWALL knowledge portal for common answers: http://www.sonicwall.com/us/en/support/3893.html#tab=kb

Last updated: 6/23/2014
Written by: Ron Anderson
232-002561-00 Rev A