Support User Manuals

SonicWALL SonicWALL UTM Appliance Welding System User Manual

Open as PDF

of 57

12

Step 11: On the LDAP Relay tab, configure the following fields:

The RADIUS to LDAP Relay feature is designed for use in a topology where there is a central site

with an LDAP/AD server and a central SonicWALL with remote satellite sites connected into it via

older low-end SonicWALL security appliances that may not support LDAP. In that case the central

SonicWALL can operate as a RADIUS server for the remote SonicWALLs, acting as a gateway

between RADIUS and LDAP, and relaying authentication requests from them to the LDAP server.

Additionally, for remote SonicWALLs running non-enhanced firmware, with this feature the central

SonicWALL can return legacy user privilege information to them based on user group memberships

learned via LDAP. This avoids what can be a very complex configuration of an external RADIUS

server such as IAS, for those SonicWALLs.

• Enable RADIUS to LDAP Relay – Enables this feature.

• Allow RADIUS clients to connect via – Check the relevant checkboxes and policy rules will be

added to allow incoming RADIUS requests accordingly.

• RADIUS shared secret – This is a shared secret common to all remote SonicWALLs.

• User groups for legacy VPN users – Defines the user group that corresponds to the legacy ‘Access

to VPNs’ privileges. When a user in this user group is authenticated, the remote SonicWALL is

notified to give the user the relevant privileges.

• User groups for legacy VPN client users – Defines the user group that corresponds to the legacy

‘Access from VPN client with XAUTH’ privileges. When a user in this user group is authenticated, the

remote SonicWALL is notified to give the user the relevant privileges.

• User groups for legacy L2TP users – Defines the user group that corresponds to the legacy

‘Access from L2TP VPN client’ privileges. When a user in this user group is authenticated, the remote

SonicWALL is notified to give the user the relevant privileges.

• User groups for legacy users with Internet access – Defines the user group that corresponds to

the legacy ‘Allow Internet access (when access is restricted)’ privileges. When a user in this user

group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.

NOTE: The ‘Bypass filters’ and ‘Limited management capabilities’ privileges are returned based on

membership to user groups named ‘Content Filtering Bypass’ and ‘Limited Administrators’ – these are not

previous next