Two Factor Authentication in SonicOS




Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your system.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2014 Dell Inc.

Trademarks: Dell, the DELL logo, SonicWALL, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

2014-02 P/N 232-002403-00 Rev A

Document Scope

This document describes how to configure Two Factor Authentication on a Dell SonicWALL network security appliance running SonicOS 5.9 or SonicOS 6.2.

This document contains the following sections:
- Feature Overview
- Configuring Two Factor Authentication in SonicOS

Feature Overview

This section provides an introduction to Two Factor Authentication in SonicOS. This section contains the following subsections:
- What is Two Factor Authentication?
- How does Two Factor Authentication Work?
- Benefits
- Supported Platforms

What is Two Factor Authentication?

Two Factor Authentication is a process involving two stages to verify the identity of an administrator or user who is attempting to log directly into SonicOS. In SonicOS, two factor authentication includes:
- Client Certificate Check, which requires the use of a Common Access Card (CAC) and a card reader to authenticate the user's identity. A CAC is a United States Department of Defense smart card used by personnel that require highly secure access over the Internet.
- User Login Authentication, which displays a standard login screen where the user can enter their username and password.

How does Two Factor Authentication Work?

Two Factor Authentication requires a user to log in using two steps. First, the user must be verified by a Client Certificate Check, which requires the user to use a Common Access Card (CAC) in a card reader. Second, the user must log in by typing their username and password at the login prompt.

The Dell SonicWALL security appliance can be managed using HTTP or HTTPS in a Web browser. In SonicOS, HTTP management is disabled by default. HTTPS is usually the preferred method to log into the SonicOS management interface. You must use HTTPS to use the Client Certificate Check option.

Note: CACs work with Microsoft Internet Explorer, but may not work with other browsers.
Note: Using a CAC requires an external card reader that is connected on a USB port.
Note: You must have administrator privileges to set up Two Factor Authentication on a Dell SonicWALL network security appliance.

Benefits

Two Factor Authentication provides increased security by requiring two different methods of authentication before a user can log into the Dell SonicWALL network security appliance.

Supported Platforms

Two Factor Authentication is supported on Dell SonicWALL network security appliances running SonicOS 5.9 or SonicOS 6.2.

Configuring Two Factor Authentication in SonicOS

To configure Two Factor Authentication in SonicOS:

Step 1  Go to the System > Administration page.

Step 2  Scroll down to the Web Management Settings panel.

Step 3  Type the port number that you want into the HTTPS Port box. The default port for HTTPS management is 443, but you can add another layer of security for logging into the firewall by changing the default port.

Step 4  Select the Enable Client Certificate Check box. The Enable Client Certificate Check box allows you to enable or disable client certificate checking and CAC support on the firewall.

Step 5  From the Client Certificate Issuer drop-down list, select the appropriate Certification Authority (CA) to sign your client certificate. The Client Certificate Issuer drop-down menu contains a list of the Certification Authority (CA) certificate issuers. If the appropriate CA is not in the list, you can import the CA that you need into the list.

Step 6  To enable or disable OCSP checking for the client certificate, select the Enable OCSP Checking box. The Enable OCSP Checking box allows you to enable or disable the Online Certificate Status Protocol (OCSP) verification for the client certificate to verify that the certificate is still valid and has not been revoked.

Step 7  In the OCSP Responder URL field, enter the URL of the server that will verify the status of the certificate. The URL should point to the Common Gateway Interface (CGI) on the server side, which processes the OCSP verification. For example:

    http://10.103.63.251/ocsp

When you use the Client Certificate Check with a CAC, the client certificate is automatically installed on the browser. When you begin a management session through HTTPS, the certificate selection window is displayed asking you to confirm the certificate.

Step 8  Click OK.

Step 9  At the prompt, enter your personal identification number (PIN), which protects the information stored on the CAC.

Note: The wrong PIN will lead to login failure, and if the retry count reaches the upper limit (3 tries), the CAC will be locked out.

After you confirm the certificate, the firewall checks the Client Certificate Issuer to verify that the certificate is valid and has been signed by the CA. If it is verified, the user login page is displayed.

Step 10  Enter your user name and password in the Username and Password fields respectively.

A window is then displayed, informing you that access to the firewall and your privileged services has been granted.

If the firewall cannot confirm that the certificate is signed by a CA, the browser displays a standard connection failed message, such as:

    ...cannot display web page!

If OCSP is enabled, the browser performs an OCSP verification and displays the following message while it is checking:

    Client Certificate OCSP Checking...

If the OCSP verification succeeds, the login page is displayed. If the OCSP verification fails, the following message is displayed:

    OCSP Checking fail! Please contact system administrator!

When using the client certificate feature, these situations can lock the user out of the firewall:
- The Enable Client Certificate Check option is selected, but no certificate has been imported.
- The Enable Client Certificate Check option is selected and a certificate is installed on the browser, but either no Client Certificate Issuer is selected or the wrong Client Certificate Issuer is selected.
- The Enable OCSP Checking option is selected, but either the OCSP server is not available or a network problem is preventing the firewall from accessing the OCSP server.

To restore access to a user that is locked out, the following CLI commands are provided:

    web-management client-cert disable
    web-management ocsp disable

Note: You must have administrator privileges to use the Command Line Interface (CLI) for SonicOS.

For more information on Certificates, refer to the System > Certificates chapter of any of the following documents:
- SonicOS 5.9 Administrator's Guide
- SonicOS 6.2 Administrator's Guide

The System > Certificates chapter includes information about:
- Importing Certificates
- Deleting Certificates
- Generating a Certificate Signing Request

The Generating a Certificate Signing Request section includes information about how the RSA algorithm is used with certificates in SonicOS.
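
Two of the lockout situations listed above (the wrong Client Certificate Issuer, and an OCSP server that does not answer) can be checked from an admin workstation before the options are enabled. The script below is an added example, not part of the Dell guide: it uses the standard openssl command line, and the function names, the PEM files and the responder URL passed in are assumptions supplied by the operator.

```shell
#!/bin/sh
# Pre-flight for the lockout cases above; run before ticking the boxes.
# Arguments are the operator's own files/URL (assumptions, not SonicOS paths):
#   CA_PEM   - the CA you will pick as Client Certificate Issuer
#   CERT_PEM - the public certificate exported from the CAC
#   OCSP_URL - the value intended for the OCSP Responder URL field

# issued_by CA_PEM CERT_PEM: true only if the certificate validates against
# that CA. Success is read from openssl's "<file>: OK" result line.
issued_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# ocsp_verdict: reads `openssl ocsp` output on stdin and prints one of
# good | revoked | unknown | unverified | no-response.
ocsp_verdict() {
    awk '/Response Verify Failure/ { bad = 1 }
         /: good$/    { v = "good" }
         /: revoked$/ { v = "revoked" }
         /: unknown$/ { v = "unknown" }
         END { if (v == "") print "no-response"
               else if (bad) print "unverified"
               else print v }'
}

# preflight CA_PEM CERT_PEM [OCSP_URL]: one line per check; returns 1 if
# enabling the option now would leave this certificate unable to log in.
preflight() {
    rc=0
    if issued_by "$1" "$2"; then
        echo "issuer: ok"
    else
        echo "issuer: certificate not signed by this CA"; rc=1
    fi
    if [ -n "$3" ]; then
        v=$(openssl ocsp -issuer "$1" -cert "$2" -CAfile "$1" \
                -url "$3" 2>&1 | ocsp_verdict)
        echo "ocsp: $v"
        [ "$v" = good ] || rc=1
    fi
    return "$rc"
}
```

A good result here reflects only the workstation's view of the responder; the firewall itself must also be able to reach the OCSP Responder URL.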