Bedienungsanleitung SonicWALL UTM Appliance

Bedienungsanleitung für das Gerät SonicWALL UTM Appliance

Gerät: SonicWALL UTM Appliance
Kategorie: Schweißsystem
Produzent: SonicWALL
Größe: 1.57 MB
Datum des Hinzufügens: 6/28/2013
Seitenanzahl: 57
Anleitung drucken

Herunterladen

Wie kann man es nutzen?

Unser Ziel ist Ihnen einen schnellen Zugang zu Inhalten in Bedienungsanleitungen zum Gerät SonicWALL UTM Appliance zu garantieren. Wenn Sie eine Online-Ansicht nutzten, können Sie den Inhaltsverzeichnis schnell durchschauen und direkt zu der Seite gelangen, auf der Sie die Lösung zu Ihrem Problem mit SonicWALL UTM Appliance finden.

Für Ihre Bequemlichkeit

Wenn das direkte Durchschauen der Anleitung SonicWALL UTM Appliance auf unserer Seite für Sie unbequem ist, können sie die folgende zwei Möglichkeiten nutzen:

  • Vollbildsuche – Um bequem die Anleitung durchzusuchen (ohne sie auf den Computer herunterzuladen) können Sie den Vollbildsuchmodus nutzen. Um das Durchschauen der Anleitung SonicWALL UTM Appliance im Vollbildmodus zu starten, nutzen Sie die Schaltfläche Vollbild
  • Auf Computer herunterladen – Sie können die Anleitung SonicWALL UTM Appliance auch auf Ihren Computer herunterladen und sie in Ihren Sammlungen aufbewahren. Wenn Sie jedoch keinen Platz auf Ihrem Gerät verschwenden möchten, können Sie sie immer auf ManualsBase herunterladen.
SonicWALL UTM Appliance Handbuch - Online PDF
Advertisement
« Page 1 of 57 »
Advertisement
Druckversion

Viele Personen lesen lieber Dokumente nicht am Bildschirm, sondern in gedruckter Version. Eine Druckoption der Anleitung wurde ebenfalls durchdacht, und Sie können Sie nutzen, indem Sie den Link klicken, der sich oben befindet - Anleitung drucken. Sie müssen nicht die ganze SonicWALL UTM Appliance Anleitung drucken, sondern nur die Seiten, die Sie brauchen. Schätzen Sie das Papier.

Zusammenfassungen

Unten finden Sie Trailer des Inhalts, der sich auf den nächsten Anleitungsseiten zu SonicWALL UTM Appliance befindet. Wenn Sie den Seiteninhalt der nächsten Seiten schnell durchschauen möchten, können Sie sie nutzen.

Inhaltszusammenfassungen
Inhaltszusammenfassung zur Seite Nr. 1




LDAP Leveraging LDAP Groups/ Users with SonicWALL UTM Appliance




Contents
Contents .............................................................................................................................................................. 1
Integrating LDAP/Active Directory with Sonicwall UTM ...................................................................................... 3
LDAP over SSL ...................................................................................

Inhaltszusammenfassung zur Seite Nr. 2

Blocking IM Traffic Categorically............................................................................................................... 51 Applying Granular IM Policies ................................................................................................................... 52 Applying VPN Access Policies to Groups/Users............................................................................................... 53 Global VPN Client (GVC) .................................

Inhaltszusammenfassung zur Seite Nr. 3

Integrating LDAP/Active Directory with Sonicwall UTM SonicOS supports a range of different LDAP servers, the most popular being Active Directory (AD). AD is also an LDAP implementation. Please refer to the following paper as a supplement on how to configure LDAP settings. http://www.sonicwall.com/downloads/LDAP_Integration_Feature_Module.pdf LDAP over SSL Integrating your SonicWALL appliance with an LDAP directory service using SSL requires configuring your LDAP server for certificate m

Inhaltszusammenfassung zur Seite Nr. 4

Exporting the CA Certificate from the Active Directory Server To export the CA certificate from the AD server: Step 1: Launch the Certification Authority application: Start > Run > certsrv.msc. Step 2: Right click on the CA you created and select Properties. Step 3: On the General tab, click the View Certificate button. Step 4: On the Details tab, select Copy to File. Step 5: Follow through the wizard, and select the Base-64 Encoded X.509 (.cer) format. Step 6: Specify a path and filename

Inhaltszusammenfassung zur Seite Nr. 5

Step 5: On the Settings tab of the LDAP Configuration window, configure the following fields: • Name or IP Address – The FQDN or the IP address of the LDAP server against which you wish to authenticate. If using a name, be certain that it can be resolved by your DNS server. Also, if using TLS with the ‘Require valid certificate from server’ option, the name provided here must match the name to which the server certificate was issued (i.e. the CN) or the TLS exchange will fail. • Por

Inhaltszusammenfassung zur Seite Nr. 6

• Send LDAP ‘Start TLS’ Request – Some LDAP server implementations support the Start TLS directive rather than using native LDAP over TLS. This allows the LDAP server to listen on one port (normally 389) for LDAP connections, and to switch to TLS as directed by the client. Active Directory does not use this option, and it should only be selected if required by your LDAP server. • Require valid certificate from server – Validates the certificate presented by the server during the TLS exchang

Inhaltszusammenfassung zur Seite Nr. 7

Selecting any of the predefined schemas will automatically populate the fields used by that schema with their correct values. Selecting ‘User Defined’ will allow you to specify your own values – use this only if you have a specific or proprietary LDAP schema configuration. • Object class – Select the attribute that represents the individual user account to which the next two fields apply. • Login name attribute – Select one of the following to define the attribute that is used for login

Inhaltszusammenfassung zur Seite Nr. 8

• Primary Domain – The user domain used by your LDAP implementation. For AD, this will be the Active Directory domain name, e.g. yourADdomain.com. Changes to this field will, optionally, automatically update the tree information in the rest of the page. This is set to mydomain.com by default for all schemas except Novell eDirectory, for which it is set to o=mydomain. • User tree for login to server – The location of where the tree is that the user specified in the settings tab. For exampl

Inhaltszusammenfassung zur Seite Nr. 9

trees are best ordered with those on the primary server first, and the rest in the same order that they will be referred. NOTE: When working with AD, to determine the location of a user in the directory for the ‘User tree for login to server’ field, the directory can be searched manually from the Active Directory Users and Settings control panel applet on the server, or a directory search utility such as queryad.vbs in the Windows NT/2000/XP Resource Kit can be run from any PC in the domain

Inhaltszusammenfassung zur Seite Nr. 10

Step 10: On the LDAP Users tab, configure the following fields: • Allow only users listed locally – Requires that LDAP users also be present in the SonicWALL local user database for logins to be allowed. • User group membership can be set locally by duplicating LDAP user names – Allows for group membership (and privileges) to be determined by the intersection of local user and LDAP user configurations. • Default LDAP User Group – A default group on the SonicWALL to which LDAP users will

Inhaltszusammenfassung zur Seite Nr. 11

In the LDAP Import User Groups dialog box, select the checkbox for each group that you want to import into the SonicWALL, and then click Save. Having user groups on the SonicWALL with the same name as existing LDAP/AD user groups allows SonicWALL group memberships and privileges to be granted upon successful LDAP authentication. Alternatively, you can manually create user groups on the LDAP/AD server with the same names as SonicWALL built-in groups (such as ‘Guest Services’, ‘Content Filt

Inhaltszusammenfassung zur Seite Nr. 12

Step 11: On the LDAP Relay tab, configure the following fields: The RADIUS to LDAP Relay feature is designed for use in a topology where there is a central site with an LDAP/AD server and a central SonicWALL with remote satellite sites connected into it via older low-end SonicWALL security appliances that may not support LDAP. In that case the central SonicWALL can operate as a RADIUS server for the remote SonicWALLs, acting as a gateway between RADIUS and LDAP, and relaying authenticatio

Inhaltszusammenfassung zur Seite Nr. 13

configurable. Step 12: Select the Test tab to test the configured LDAP settings: The Test LDAP Settings page allows for the configured LDAP settings to be tested by attempting authentication with specified user and password credentials. Any user group memberships and/or framed IP address configured on the LDAP/AD server for the user will be displayed. Authentication There are two mechanisms available for having a user authenticate to the SonicWALL firewall. The first mechanism is the S

Inhaltszusammenfassung zur Seite Nr. 14

Logon to Appliance – Configuring User Level Authentication Settings This is the other method of authenticating users, and requires the user to login to the appliance. Please refer to the following paper for more details on ULA: http://www.sonicwall.com/downloads/SonicOS_Standard_2.1_User-Level_Authentication.pdf In this example, the LAN zone will be configured for ULA: Step 1: Go to Network>Interfaces>X0 (or appropriate interface). Step 2: Under General enable HTTPS User Login. Also

Inhaltszusammenfassung zur Seite Nr. 15

Step 5: Click Add, then create the following two rules as depicted below. The order is important. The new first rule allows any DNS queries out. The new second rule forces all users (Everyone) to be challenged before accessing the Internet for HTTP only. NOTE: This configuration will allow any traffic out other than HTTP, even without first authenticating. If you want to block ALL traffic before authenticating for HTTP, then disable the default ‘Any, Any, Any, Allow’ rule as depicte

Inhaltszusammenfassung zur Seite Nr. 16

NOTE: The difference between “All” and “Everyone” in a policy rule. Selecting “All” will allow all matching traffic, regardless from an authenticated user or not. Selecting the “Everyone” user group will allow traffic from any logged in user, but not from a user who has not logged in. 16

Inhaltszusammenfassung zur Seite Nr. 17

If everything is working correctly, you should then see users authenticated on the Log>View page. SonicOS Options That Leverage Groups/Users Now that we have a means of authenticating users to the SonicWALL firewall, we can leverage the groups/users that are in LDAP/Active Directory for a myriad of options: • Create firewall rules for specific groups/users • Create different content filtering policies for different groups • Create Application Firewall policies for specific groups

Inhaltszusammenfassung zur Seite Nr. 18

• Rule processing stops as soon as there is a match (with some caveats – see below) • Rule logic first looks at Source, then Destination, Service, and Action. If there is a match there, rule processing stops and then further subset rule processing can happen (rules set for schedules, users/groups, or BWM) for that specific rule. o What cannot occur is two overlapping rules for the same service for different groups. For example, if you had a FW rule that allowed FTP for Group 1, and below

Inhaltszusammenfassung zur Seite Nr. 19

allowed access through it. Matching traffic from the user or members of the user group will be given access, and matching traffic from anyone else will be denied access. For multiple user groups to be allowed access, create a single parent group user containing all of them as members and set a single rule specifying that parent group as the users allowed. A shortcoming in the rule configuration does allow rules to be created that are identical in all but the user group information. If two

Inhaltszusammenfassung zur Seite Nr. 20

Firewall Rules with Bandwidth Management & Logging It is possible to leverage FW rules simply for logging and/or bandwidth management (BWM). To enable BWM, it is first necessary to go to Network > Interfaces and configure the WAN interface. Click the Advanced tab, and then enable ingress and egress rates for your network. These rates should correspond with what your Internet provider is capable of providing you. 20


Ähnliche Anleitungen
# Bedienungsanleitung Kategorie Herunterladen
1 Sony 6 Handbuch Schweißsystem 0
2 ADTRAN NT1 T400 Handbuch Schweißsystem 1
3 AEG 2000 Handbuch Schweißsystem 2
4 AEG PV 2000 Handbuch Schweißsystem 8
5 Agilent Technologies AC Power Solutions 6814B Handbuch Schweißsystem 8
6 Agilent Technologies 5743A Handbuch Schweißsystem 0
7 Agilent Technologies 4291B Handbuch Schweißsystem 4
8 Agilent Technologies 08131-90001 Handbuch Schweißsystem 0
9 Agilent Technologies 5745A Handbuch Schweißsystem 2
10 Agilent Technologies 5742A Handbuch Schweißsystem 0
11 Agilent Technologies AC Power Solutions 6843A Handbuch Schweißsystem 0
12 Agilent Technologies AC Power Solutions 6813B Handbuch Schweißsystem 1
13 Agilent Technologies 35665-90026 Handbuch Schweißsystem 0
14 Agilent Technologies 5749A Handbuch Schweißsystem 1
15 Agilent Technologies 6012b Handbuch Schweißsystem 0