How to Bypass the Single Sign On (SSO) Process
10/14/2021 277 People found this article helpful 492,242 Views
Description
When SSO fails to authenticate a device, which is very common for servers and other network appliances that do not normally require authentication to the firewall, a device is put on a time out delay. All connections from that device are held/dropped until either that time out has passed or the device successfully authenticates. This time out is configurable, and by default is 1 minute in the current firmware. Furthermore, once a device has been timed out the SonicWall will reattempt the authentication again 1 minute later causing a repetitive failure cycle where web browsing can be very slow or function in quick bursts.
On the SSO configuration page, there is an option on the Enforcement Tab for Exclusions. Any device which is not going to respond to the SSO agent, such as Server, Routers, Printers, VoIP Phones, etc. Should be identified and excluded from the SSO process. This will reduce the workload on your sonicwall and improve performance for the devices in question.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Create an Address Object Group example: "SSO Bypass Group"
For detailed instructions on how to complete steps 1 and 2, see How to create Address Objects in Sonicwall UTM Appliances
- Click Device in the top navigation menu
- Under Users | Settings
- Click Configure SSO
- On SSO Configuration Page click on Enforcement Tab
- On the Enforcement Tab, Under SSO Bypass Click on ADD Bypass.
- Select the Bypass SSO by Addresses and select the address object created under the drop down
- Click on SAVE
- Save at the bottom to finish the procedure, by clicking the OK button
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Create an Address Object Group example: "SSO Bypass Group"
For detailed instructions on how to complete steps 1 and 2, see How to create Address Objects in Sonicwall UTM Appliances
- Click Manage in the top navigation menu
- Under Users | Settings
- Click Configure SSO
- On SSO Configuration Page click on Enforcement Tab
- On the Enforcement Tab, Under SSO Bypass Click on ADD.
- Select the Bypass SSO by Addresses and select the address object created under the drop down
- Click on ADD
- Save at the bottom to finish the procedure, by clicking the OK button
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Step 1: Create an Address Object Group example: "SSO Bypass Group"
Step 2: Create an Address Object for the device you with to bypass, and make it a member of the bypass group from step 1.
For detailed instructions on how to complete steps 1 and 2, see How to create Address Objects in Sonicwall UTM Appliances (SonicOS Enhanced)
Step 3: Under Users | Settings click Configure SSO... option
Step 4: On the Enforcement Tab, click Add select the group you created in step 1.
Step 5: Save at the bottom to finish the procedure, by clicking the OK button..
Related Articles
Categories