SonicWall NSA Integration

From Swivel Knowledgebase
Jump to: navigation, search


SonicWall NSA PINsafe integration with SMS

The SonicWALL Network Security Appliance (NSA) Series applies next-generation Unified Threat Management (UTM) against a comprehensive array of attacks, combining intrusion prevention, anti-virus and antispyware with the application-level control of SonicWALL Application Firewall.

The appliances have SSL VPN capability with which PINsafe can provide Two Factor Authentication using SMS with RADIUS authentication.

If Strong authentication is required using TURing, then the image needs to be displayed to the user such as the use of a Taskbar, Web page etc. The use of TURing is not covered in this document.


Overview

Prerequisites

Swivel 3.x configured with users and SMS gateway

SonicWALL Network Security Appliance configured for local authentication. Tested with 5.2 and 5.8


Baseline

PINsafe 3.x

NSA 240, SonicOS Enhanced 5.2.0.1-21o


Architecture

The NSA appliance was the firewall/SSL VPN device with the PINsafe server located within the DMZ.


Installation

Configuring the PINsafe server

Configure PINsafe as a RADIUS server, from the RADIUS/server menu, enter the RADIUS server details and then select Enable RADIUS server. From the RADIUS/NAS menu enter a name for the SonicWALL NAS appliance and its IP address and a shared secret key.

Configuring the SonicWALL NSA Appliance User Settings

Select Users, then Settings, and on the menu for Authentication Method for Login: select RADIUS

SonicWallUserSetting.jpg


Configuring the SonicWALL NSA Appliance RADIUS settings

From the Users\Settings menu click on Configure button next to the RADIUS option, then select the Settings tab and in the Primary Server IP Address field, enter the IP address of the PINsafe server and the shared secret key, and the required port.

SonicWallRadius.jpg

Select the RADIUS Users tab, and ensure there is no tick in the allow only users listed locally box. Enter any other required information.


Testing SonicWALL NSA Appliance RADIUS configuration

Select the Test tab, and enter a Username and a One Time Code in the password field from the users SMS, click on the Test button (Once only), and the returned attributes will verify if the test has worked, or alternatively, enter 1234, and check for a Authentication Rejected message.

SonincWallRadiusTest.jpg


Known Issues and Limitations

It is not currently possible to embed the Turing image into the login page, however other options such as the Taskbar utility or a web page can be used.


Additional Information

For assistance in the PINsafe installation and configuration please firstly contact your reseller and then email Swivel Secure support at support@swivelsecure.com or the local SonicWALL office http://www.sonicwall.com/emea/Support.html.

Retrieved from "https://kb.swivelsecure.com/w/index.php?title=SonicWall_NSA_Integration&oldid=2913"