Secure Mobile Access 12.4 Administration Guide

Technical Documentation> Installation> Installation and Initial Setup> Installation and Deployment Process> Configuring the Appliance Using the Management Console

Secure Mobile Access 12.4.3
Introduction
- About Secure Mobile Access
Installation
- Installation and Initial Setup
Management
- Working with Appliance Management Console
- User Management
Authentication
- Network and Authentication Configuration
Administration
- Security Administration
  - Creating and Managing Resources
    Resource Types
    Built-In Resources
    Secure Mobile Access WorkPlace (Resource Type: URL)
    Connect Tunnel (Resource Type: URL)
    Network Explorer (Resource Type: Network Share)
    Web Resources
    Client/Server Resources
    File Share Resources
    Resources and Resource Groups
    Viewing Resources and Resource Groups
    Adding Resources
    Example: Specifying a URL Alias
    Example: Blocking Email Attachments
    Example: Supporting Exchange on iPhones
    Example: Restricting Access to Sensitive Data
    Editing Resources
    Deleting Resources
    Configuring a Resource as a SharePoint Web Service
    Exclusions
    Using the Exclusions
    Using Variables in Resource and WorkPlace Shortcut Definitions
    Using Session Property Variables
    Using Query-Based Variables
    Creating a Resource Pointing to Users’ Remote Desktops
    Creating a WorkPlace Link Giving Users Access to Their Remote Desktops
    Creating a Variable Containing a Variable
    Modifying Query Results
    Displaying a Series of Shortcuts Using a Single Definition
    Creating and Managing Resource Groups
    Adding Resource Groups
    Example: Working with a URL Redirect
    Editing, Deleting and Copying Resource Groups
    Web Application Profiles
    Viewing Web Application Profiles
    Adding Web Application Profiles
    Preconfigured Web Application Profiles
    Web Application Profile Examples
    How Requests for Web Resources are Evaluated
    Associating one profile with an entire domain
    Editing and Deleting Web Application Profiles
    Configuring a Single Sign-On Authentication Server
    Forms-Based Single Sign-On
    Basic Authentication Forwarding
    NTLM Authentication Forwarding
    Creating Forms-Based Dynamic Single Sign-On Profiles
    Dynamic SSO Profile for Microsoft RDWeb
    Configuring Microsoft RD Web Access in AMC
    Creating Dynamic SSO Profile for Microsoft Remote Desktop Web Client
    Creating Web Application Profile
    Creating RDWeb URL resource with custom access
    Adding RDWeb in start page
    Dynamic SSO Profile for Citrix XenApp
    Configuring Citrix XenApp in AMC
    Creating Dynamic SSO Profile for Citrix XenApp
    Creating Web Application Profile
    Creating Citrix XenApp URL resource with custom access
    Adding Citrix Xenapp in start page
    Kerberos Constrained Delegation
    Configuring Kerberos Constrained Delegation
    Configuring SMA Support for Microsoft Outlook Anywhere
    Viewing User Sessions
  - Access Control Rules
    Configuring Access Control Rules
    Viewing Access Control Rules
    Access Control Rules for Bi-Directional Connections
    Requirements for Reverse and Cross-Connections
    Securing Application Ports for Reverse Connections
    Adding Access Control Rules for a Forward Connection
    Specifying Advanced Access Control Rule Attributes
    Adding Access Control Rules for a Reverse Connection
    Adding a Pair of Access Control Rules for a Cross-Connection
    Configuring Advanced Access Control Rule Attributes
    Access Methods and Advanced Options
    Adding Users and Resources From Within Access Control Rules
    Editing, Copying, and Deleting Access Control Rules
    Resolving Deny Rule Incompatibilities
    Resolving Invalid Destination Resources
    Invalid Resource Examples
- System Administration
End Point Control
Components
Mobile Connect
- Using SMA with Mobile Connect
Appendix
SonicWall Support
- About This Document

Configuring the Appliance Using the Management Console

The final installation and deployment settings are done in AMC.

To configure the appliance in the AMC

Log in to AMC.
Register the appliance on MySonicWall and retrieve your license file.

When you register your appliance, you must enter both your serial number and your authentication code, which is the hardware identifier for the appliance you purchased:
- The serial number is printed on a label on the outside of your appliance and also available in the Licensing page..
- The authentication code is displayed in AMC: click General Settings from the main navigation menu, and then look in the Licensing area.
When you receive your SMA appliance there is a single user license on it, valid for three days. To become familiar with the AMC and test it in your environment with additional users, request a lab license. After initial setup and testing, download your license file from MySonicWall and then import it to the appliance.

See Managing Licenses.
Define one or more authentication servers.

Authentication is used to verify the identity of users. When configuring an authentication server, you are prompted to specify a directory type (LDAP, Microsoft Active Directory, RADIUS, or local users) and a credential type (username/password, token, or digital certificate).

See Managing User Authentication.
Configure a server certificate.

The appliance encrypts information using the Secure Sockets Layer (SSL) protocol. You can use Let's Encrypt certificate authority that is public, free, API-driven, and trusted by browsers/clients. You can create a selfsigned certificate using AMC for evaluation or testing purpose.

See Certificates.
Define application resources and groups.

Application resources include TCP/IP-based resources (such as client/server applications, file servers, or databases), Web-based resources (including Web applications or Web sites) that run over HTTP, and Windows network share resources (to be accessed in WorkPlace). Resource definitions can include variables, so that a single resource can, for example, derive its network name or address based on each user.

See Creating and Managing Resources.
Define users and groups.

User and group definitions are used in access control rules to control access to application resources.

See Managing Users and Groups.
Define realms and communities.

Realms enable the appliance to directly integrate with authentication servers, eliminating the need to create and manage accounts for each user who needs access to your network. Communities aggregate users with similar access needs and End Point Control requirements.

See Managing User Authentication.
Create access control rules.

Access control rules determine what resources are available to users and groups.

See Access Control Rules.
Configure shortcuts for WorkPlace.

To provide your users with easy access to a Web, file system, or graphical terminal resource from within WorkPlace, you may want to create shortcuts in WorkPlace.

See Working with WorkPlace Shortcuts.
(Optional) Configure the network tunnel service.

If you plan to deploy the network tunnel clients, you must configure the network tunnel service and allocate IP address pools for the clients.

See Configuring the Network Tunnel Service.
(Optional) Enable and configure End Point Control.

End Point Control optionally deploys data protection components designed to safeguard sensitive data and ensure that your network is not compromised when accessed from PCs in untrusted environments. End Point Control is deployed through communities.

See End Point Control and Using End Point Control Restrictions in a Community.
Apply your changes.

To activate your configuration changes, you must apply them.

See Applying Configuration Changes.
Test system accessibility.

Verify that the appliance can access your external user repositories, and ensure that the resources on your network are accessible.

See Troubleshooting.

< Prev Section

Next Section >

Secure Mobile Access 12.4 Administration Guide

Table of Contents

Configuring the Appliance Using the Management Console