How to Bypass the Single Sign On (SSO) Process

10/14/2021 272 People found this article helpful 486,471 Views

Description

When SSO fails to authenticate a device, which is very common for servers and other network appliances that do not normally require authentication to the firewall, a device is put on a time out delay. All connections from that device are held/dropped until either that time out has passed or the device successfully authenticates. This time out is configurable, and by default is 1 minute in the current firmware. Furthermore, once a device has been timed out the SonicWall will reattempt the authentication again 1 minute later causing a repetitive failure cycle where web browsing can be very slow or function in quick bursts.

On the SSO configuration page, there is an option on the Enforcement Tab for Exclusions. Any device which is not going to respond to the SSO agent, such as Server, Routers, Printers, VoIP Phones, etc. Should be identified and excluded from the SSO process. This will reduce the workload on your sonicwall and improve performance for the devices in question.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Create an Address Object Group example: "SSO Bypass Group"

For detailed instructions on how to complete steps 1 and 2, see How to create Address Objects in Sonicwall UTM Appliances

Click Device in the top navigation menu
Under Users | Settings
Click Configure SSO
On SSO Configuration Page click on Enforcement Tab
On the Enforcement Tab, Under SSO Bypass Click on ADD Bypass.
Select the Bypass SSO by Addresses and select the address object created under the drop down
Click on SAVE
Save at the bottom to finish the procedure, by clicking the OK button

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Create an Address Object Group example: "SSO Bypass Group"

For detailed instructions on how to complete steps 1 and 2, see How to create Address Objects in Sonicwall UTM Appliances

Click Manage in the top navigation menu
Under Users | Settings
Click Configure SSO
On SSO Configuration Page click on Enforcement Tab
On the Enforcement Tab, Under SSO Bypass Click on ADD.
Select the Bypass SSO by Addresses and select the address object created under the drop down
Click on ADD
Save at the bottom to finish the procedure, by clicking the OK button

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Step 1: Create an Address Object Group example: "SSO Bypass Group"

Step 2: Create an Address Object for the device you with to bypass, and make it a member of the bypass group from step 1.

For detailed instructions on how to complete steps 1 and 2, see How to create Address Objects in Sonicwall UTM Appliances (SonicOS Enhanced)

Step 3: Under Users | Settings click Configure SSO... option

Step 4: On the Enforcement Tab, click Add select the group you created in step 1.