SonicWall NSA Integration
SonicWall NSA PINsafe integration with SMS
The SonicWALL Network Security Appliance (NSA) Series applies next-generation Unified Threat Management (UTM) against a comprehensive array of attacks, combining intrusion prevention, anti-virus and antispyware with the application-level control of SonicWALL Application Firewall.
The appliances have SSL VPN capability with which PINsafe can provide Two Factor Authentication using SMS with RADIUS authentication.
If Strong authentication is required using TURing, then the image needs to be displayed to the user such as the use of a Taskbar, Web page etc. The use of TURing is not covered in this document.
Overview
Prerequisites
Swivel 3.x configured with users and SMS gateway
SonicWALL Network Security Appliance configured for local authentication. Tested with 5.2 and 5.8
Baseline
PINsafe 3.x
NSA 240, SonicOS Enhanced 5.2.0.1-21o
Architecture
The NSA appliance was the firewall/SSL VPN device with the PINsafe server located within the DMZ.
Installation
Configuring the PINsafe server
Configure PINsafe as a RADIUS server, from the RADIUS/server menu, enter the RADIUS server details and then select Enable RADIUS server. From the RADIUS/NAS menu enter a name for the SonicWALL NAS appliance and its IP address and a shared secret key.
Configuring the SonicWALL NSA Appliance User Settings
Select Users, then Settings, and on the menu for Authentication Method for Login: select RADIUS
Configuring the SonicWALL NSA Appliance RADIUS settings
From the Users\Settings menu click on Configure button next to the RADIUS option, then select the Settings tab and in the Primary Server IP Address field, enter the IP address of the PINsafe server and the shared secret key, and the required port.
Select the RADIUS Users tab, and ensure there is no tick in the allow only users listed locally box. Enter any other required information.
Testing SonicWALL NSA Appliance RADIUS configuration
Select the Test tab, and enter a Username and a One Time Code in the password field from the users SMS, click on the Test button (Once only), and the returned attributes will verify if the test has worked, or alternatively, enter 1234, and check for a Authentication Rejected message.
Known Issues and Limitations
It is not currently possible to embed the Turing image into the login page, however other options such as the Taskbar utility or a web page can be used.
Additional Information
For assistance in the PINsafe installation and configuration please firstly contact your reseller and then email Swivel Secure support at support@swivelsecure.com or the local SonicWALL office http://www.sonicwall.com/emea/Support.html.
