SonicWALL SonicWALL UTM Appliance Welding System User Manual


 
Step 11: On the LDAP Relay tab, configure the following fields:
The RADIUS to LDAP Relay feature is designed for use in a topology where there is a central site
with an LDAP/AD server and a central SonicWALL with remote satellite sites connected into it via
older low-end SonicWALL security appliances that may not support LDAP. In that case the central
SonicWALL can operate as a RADIUS server for the remote SonicWALLs, acting as a gateway
between RADIUS and LDAP, and relaying authentication requests from them to the LDAP server.
In addition, this feature lets the central SonicWALL return legacy user privilege information to
remote SonicWALLs running non-enhanced firmware, based on user group memberships learned via
LDAP. For those SonicWALLs, this avoids what can be a very complex configuration of an external
RADIUS server such as IAS.
Enable RADIUS to LDAP Relay – Enables this feature.
Allow RADIUS clients to connect via – Select the relevant checkboxes; policy rules are then
added to allow incoming RADIUS requests accordingly.
RADIUS shared secret – This is a shared secret common to all remote SonicWALLs.
User groups for legacy VPN users – Defines the user group that corresponds to the legacy ‘Access
to VPNs’ privileges. When a user in this user group is authenticated, the remote SonicWALL is
notified to give the user the relevant privileges.
User groups for legacy VPN client users – Defines the user group that corresponds to the legacy
‘Access from VPN client with XAUTH’ privileges. When a user in this user group is authenticated, the
remote SonicWALL is notified to give the user the relevant privileges.
User groups for legacy L2TP users – Defines the user group that corresponds to the legacy
‘Access from L2TP VPN client’ privileges. When a user in this user group is authenticated, the remote
SonicWALL is notified to give the user the relevant privileges.
User groups for legacy users with Internet access – Defines the user group that corresponds to
the legacy ‘Allow Internet access (when access is restricted)’ privileges. When a user in this user
group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.
NOTE: The ‘Bypass filters’ and ‘Limited management capabilities’ privileges are returned based on
membership in user groups named ‘Content Filtering Bypass’ and ‘Limited Administrators’ – these are not
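
The relay path described in this step, as an added Python sketch that is not SonicWALL code: it shows what the RADIUS shared secret protects (RFC 2865 User-Password hiding) and how group memberships turn into legacy privileges. It assumes the remote appliance sends a PAP User-Password attribute (the manual does not say which method is used); the dictionary standing in for the LDAP server and the first four group names are hypothetical.

```python
import hashlib
import hmac

def _pad_stream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, done by the remote (client) side."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _pad_stream(secret, prev)))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse step, done by the central relay so it can check the password."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, _pad_stream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

# Constructed stand-in for the LDAP/AD server: user -> (password, group memberships).
DIRECTORY = {"alice": (b"correct horse battery staple",
                       {"Remote VPN Users", "Content Filtering Bypass"})}

# First four group names are hypothetical values for the configurable fields;
# the last two are the fixed names given in the NOTE.
LEGACY_PRIVILEGES = {
    "Remote VPN Users": "Access to VPNs",
    "VPN Client Users": "Access from VPN client with XAUTH",
    "L2TP Users": "Access from L2TP VPN client",
    "Internet Users": "Allow Internet access (when access is restricted)",
    "Content Filtering Bypass": "Bypass filters",
    "Limited Administrators": "Limited management capabilities",
}

def relay(user: str, hidden: bytes, req_auth: bytes, secret: bytes):
    """Return the legacy privileges for an accepted request, or None for a reject."""
    entry = DIRECTORY.get(user)
    if entry is None:
        return None
    password, groups = entry
    if not hmac.compare_digest(unhide_password(hidden, secret, req_auth), password):
        return None
    return sorted(LEGACY_PRIVILEGES[g] for g in groups if g in LEGACY_PRIVILEGES)
```

Because anyone holding the shared secret can run `unhide_password` on a captured request, and the secret is common to all remote SonicWALLs, it should be long and random and replaced on every site if one appliance is lost or compromised.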