-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Two factor authentication using RSA Radius and SecurID for SonicWall GVC and NetExtender Clients
05/31/2023 
1,827 People found this article helpful
496,135 Views
Description
This article will explain how to use RSA RADIUS with RSA Authentication Manager to directly authenticate SonicWall SSLVPN NetExtender, GVC users attempting to access network resources through the SonicWall firewall.
The RSA RADIUS Server receives users access requests from RADIUS client and forwards them to Authentication Manager for validation.
The RADIUS Client is the SonicWall device at the network perimeter that enforces access control for users attempting to access network resources.
NOTE: Two factor authentication is accomplished here by combining the PASSCODE and the PIN code.
EXAMPLE: Example of Deployment
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
SonicWall Radius configuration steps
- Under Device | Users | Settings |User Authentication method select RADIUS + Local Users as one of the authentication method.
2. Configure the RADIUS Server settings, Add RADIUS server.
3. Keep all the other settings by default and Click Apply.
Add the SonicWall firewall as a RADIUS Client for RSA
- You add a RADIUS client in the RSA Security Console.
- Click RADIUS | RADIUS Clients | Add New and configure the settings.
- The SonicWall firewall Radius client needs to be associated with an agent.
- If you have not associated this client with an agent, the client cannot support RSA SecurID authentication.
- Assign a SecurID Token to the VPN user.
Configure the SonicWall clients
- Configure the SonicWall NetExtender client.
- Configure the SSLVPN Services Group under Device | Users | Local Users & Groups | SSLVPN Services.
3. Add the All RADIUS Users Group as member of this group and click OK.
Configure the NetExtender client
- On the SonicWall NetExtender window set the parameters for the server and domain.
- Enter the Username and the PASSCODE(+PIN) and click Connect.
Configure the SonicWall GVC Client
- When a remote VPN client user tries to access the private protected LAN through an SA requiring RADIUS/XAUTH, the VPN client automatically prompts the user for a User Name and Password.
- Since we are using RSA SecurID, enter the corresponding username and PASSCODE (+PIN) into the VPN client XAUTH username/password prompt.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
SonicWall Radius configuration steps
- Under Manage | Users | Settings |User Authentication Settings select RADIUS as one of the authentication method.
- Configure the RADIUS Server settings, Add RADIUS server.
- Keep all the other settings by default and Click Apply.
Add the SonicWall firewall as a RADIUS Client for RSA
- You add a RADIUS client in the RSA Security Console.
- Click RADIUS | RADIUS Clients | Add New and configure the settings.
- The SonicWall firewall Radius client needs to be associated with an agent.
- If you have not associated this client with an agent, the client cannot support RSA SecurID authentication.
- Assign a SecurID Token to the VPN user.
Configure the SonicWall clients
- Configure the SonicWall NetExtender client.
- Configure the SSLVPN Services Group under Manage | Users | Local Users & Groups | SSLVPN Services.
- Add the All RADIUS Users Group as member of this group and click OK.
- On the SonicWall NetExtender window set the parameters for the server and domain.
- Enter the Username and the PASSCODE(+PIN) and click Connect.
Configure the SonicWall GVC Client
- When a remote VPN client user tries to access the private protected LAN through an SA requiring RADIUS/XAUTH, the VPN client automatically prompts the user for a User Name and Password.
- Since we are using RSA SecurID, enter the corresponding username and PASSCODE (+PIN) into the VPN client XAUTH username/password prompt.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
SonicWall Radius configuration steps
- Under Users | Settings | User Login Settings select RADIUS as one of the authentication method.
- Configure the RADIUS server settings.
- Keep all the other settings by default and click Apply.
Add the SonicWall firewall as a RADIUS Client for RSA
- You add a RADIUS client in the RSA Security Console.
- Click RADIUS | RADIUS Clients | Add New and configure the settings.
- The SonicWall firewall Radius client needs to be associated with an agent.
- If you have not associated this client with an agent, the client cannot support RSA SecurID authentication.
- Assign a SecurID Token to the VPN user.
Configure the SonicWall clients
- Configure the SonicWall NetExtender client.
- Configure the SSLVPN Services Group under Users | Local Groups | SSLVPN Services.
- Add the All RADIUS Users Group as member of this group and click OK.
- On the SonicWall NetExtender window set the parameters for the server and domain.
- Enter the Username and the PASSCODE(+PIN) and click Connect.
Configure the SonicWall GVC Client
- When a remote VPN client user tries to access the private protected LAN through an SA requiring RADIUS/XAUTH, the VPN client automatically prompts the user for a User Name and Password.
- Since we are using RSA SecurID, enter the corresponding username and PASSCODE (+PIN) into the VPN client XAUTH username/password prompt.
Related Articles
- Initial and Advanced Firewall Setup for high security environments
- How to setup Active/Standby High Availability on NSSP 13700 appliances?
- How to Create URI List Objects/Groups on SonicOSX 7?
Categories
- Firewalls > NSa Series > User Login
- Firewalls > NSv Series > User Login
- Firewalls > TZ Series > User Login
YES
NO