2 Navigate to the Console > Management > Domain page. You will see a default LocalDomain. To create a new domain in SonicWALL GMS, click Add Domain to complete the configuration parameters for the new remote domain.
3 Under Name, type in the desired name for the remote domain. This name is visible on the Domain pull-down list on the SonicWALL GMS Login screen.
4 For Default Admin User, specify a valid user account -- this is the default admin account created for the domain. Note that this username must exist in your third-party server, and that it has administrative privileges in GMS for the newly created domain.
5 The Host Name can either be specified as the IP Address of the remote server, or the fully-qualified domain name. This field can accept/display IPv4 and IPv6 addresses.
The authentication server’s Global Catalog can be set as a Host in case of a complex directory structure. If using the Global Catalog, SonicWALL GMS will be able to search through the directory and through all of its child nodes.
6 Enter a friendly name, or Alias for this new Domain.
1
2 Check the Add Auth Server option to enable third-party authentication for this domain.
3 In the Authentication Port field, specify the value of the port number on which the third-party server listens for authentication requests.
4
5
6 The Base Distinguished Name (Base DN) is used to identify the root entry in the directory from which SonicWALL GMS will execute searches. This should be the node in the authentication system under which all SonicWALL GMS users are present. The value is specified as a distinguished name (for example, dc=gmseng,dc=com).
7 Click Use SSL to use SSL when connecting to the remote server. If you check this check box, you will need to specify the SSL Port on which the remote server is listening for bind requests. By default, this is 636. If connecting to an AD server’s global catalog, use port 3269.
8 Only select Anonymous Login if the authentication system is configured to allow anonymous binds. This option makes the Admin User ID irrelevant. This is not a recommended setting as it reduces security.
9 The Login User Distinguished Name is used to authenticate to the third-party server when completing the initial bind. This value is specified as a distinguished name. Type in the matching password for the Login Password field.
10 In the Connection Timeout field, specify the connection timeout period (in milliseconds). After the Settings panel is completed, click the Schema panel to continue setup of the new remote domain.
11 Under LDAP Schema, select which LDAP Server you are using from the pull-down list. Each selection in this list fills in the remaining fields on the Schema panel with default values.
NOTE: If the server you are using is not specified in the default list, click User Defined to configure your own values and settings.
12 Optional, for AD servers only: Select Allow Only AD Group Members. Then specify which groups are allowed to log in to GMS from this remote domain. Multiple groups can be specified if they are separated by a semi-colon. All users that are members of the specified AD group must be present below the Base DN that was specified in the Settings panel.
13 Click OK.
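The Base DN and Allow Only AD Group Members steps above combine into one rule: a user must sit below the Base DN and belong to a listed group. The following added example (not SonicWALL code) checks that rule offline against exported directory entries. It assumes groups are matched by the CN of each memberOf value and compared case-insensitively; the function names and sample entries are hypothetical.

```python
def split_dn(dn):
    """Split a DN into normalized RDN strings, honouring backslash escapes."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":          # an unescaped comma ends the current RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Assumption: attribute values compare case-insensitively (true for cn, ou, dc).
        out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return out


def is_below_base(entry_dn, base_dn):
    """True when entry_dn is a strict descendant of base_dn."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) > len(base) and entry[-len(base):] == base


def login_allowed(user_dn, member_of, base_dn, allowed_groups):
    """Both conditions from the step: below the Base DN and in an allowed group."""
    allowed = {g.strip().lower() for g in allowed_groups.split(";") if g.strip()}
    if not is_below_base(user_dn, base_dn):
        return False
    # Assumption: a group is identified by the CN of its DN.
    return any(split_dn(g)[0].partition("=")[2] in allowed for g in member_of)


# Constructed sample entries; the Base DN is the example value from the text.
BASE_DN = "dc=gmseng,dc=com"
USER_DN = "CN=Smith\\, Jo,OU=NetOps,DC=gmseng,DC=com"
MEMBER_OF = ["CN=GMS Admins,OU=Groups,DC=gmseng,DC=com"]
```

A user who is in the right group but whose entry lives outside the Base DN fails the check, which is the usual cause of a "valid account cannot log in" report after this step.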
1 Check the Add Auth Server option to enable authentication by a third-party server.
2 Enter the Host Name (or IP address) of the RADIUS server you wish to use for authentication.
3 Enter the Authentication Port on which the RADIUS server listens for requests. The default Authentication Port is 1812.
4 Enter the Shared Secret to be used between GMS and the RADIUS server.
6 Enter the RADIUS Timeout (Seconds). This specifies the amount of time GMS waits before giving up on, or retrying, the authentication attempt. The number of retries is specified next. The default value is 10 seconds.
7 Enter the Max Retries. This specifies the number of times GMS attempts to authenticate with the RADIUS server before aborting the attempt. The default value is three tries.
8 Fill in the Host Name, Authentication Port, and Shared Secret values for your backup RADIUS server, if available.
9 Check the Allow Only Radius Group Members option if you plan to limit GMS access to members of select groups. The specific groups are specified later in this tab.
10 If configured, select the Use SonicWALL Vendor specific attribute on RADIUS Server option to use SonicWall-user-group, and SonicWall-user-groups as RADIUS user group identifiers for GMS authentication.
11 If the RADIUS server is configured to return the ‘Filter-ID’ attribute with each user ID, select the Use Filter-ID attribute on RADIUS Server option. Henceforth, this value is used as the RADIUS user group identifier.
12 Enter the Allowed RADIUS Group(s), separated by a semi-colon “;”. This field specifies groups, the members of which are allowed to access GMS resources.
Under the Test panel, you are able to test and verify the remote domain configurations entered on the Settings panel. If there are any errors in your configurations, this screen alerts you and provides information on how to correct them.
You will also see the new domain (local and remote) you have created under Console > Management > Domains of SonicWALL GMS. To confirm the configurations for each domain, click the icon to view or change these settings.
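How the Shared Secret, the Filter-ID attribute and the Allowed RADIUS Group(s) list fit together on the wire is shown in the following added example, which is not SonicWALL code. It validates an Access-Accept's Response Authenticator per RFC 2865 and then matches the Filter-Id value against the semi-colon separated list; the function names, exact-match comparison and sample packet are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RFC 2865 packet code
FILTER_ID = 11      # RFC 2865 attribute type


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def parse_attributes(data):
    """Return (type, value) pairs from the attribute area, rejecting bad lengths."""
    pairs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute")
        pairs.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return pairs


def authorized_group(reply, request_auth, secret, allowed_groups):
    """Return the permitted Filter-Id value, or None if the reply must be rejected."""
    if len(reply) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if code != ACCESS_ACCEPT or length != len(reply):
        return None
    attrs = reply[20:]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, reply[4:20]):
        return None  # wrong shared secret, or a forged or altered reply
    allowed = {g.strip() for g in allowed_groups.split(";") if g.strip()}
    for a_type, value in parse_attributes(attrs):
        if a_type == FILTER_ID and value.decode("utf-8", "replace") in allowed:
            return value.decode("utf-8", "replace")
    return None


# Constructed sample: an Access-Accept carrying Filter-Id "GMS-Admins".
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
ATTRS = bytes([FILTER_ID, 2 + len(b"GMS-Admins")]) + b"GMS-Admins"
REPLY = (struct.pack("!BBH", ACCESS_ACCEPT, 7, 20 + len(ATTRS))
         + response_authenticator(ACCESS_ACCEPT, 7, ATTRS, REQUEST_AUTH, SECRET) + ATTRS)
```

Because the group value is only trusted after the authenticator check passes, a mismatched Shared Secret on either side makes every reply fail, regardless of the group list.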
2 Navigate to the Console > Management > Domain page. To delete a domain in SonicWALL GMS, select the check box corresponding to the domain you wish to delete and click Edit Domain.