• Secure Mobile Access 12.4
• About This Guide
• CMS Configuration
  • Introduction to CMS
    • Overview
    • CMS Deployment Options
    • What’s New in This Release
      • Global Policy Settings
      • CMS Alerts Logging
    • Central Management Server
    • Central Management Console
    • Managed Appliances
    • Licensing CMS
    • Central User Licenses
    • Global Traffic Optimizer
    • FIPS and CMS
    • Getting Started in Five Steps
  • Installing and Configuring the Central Management Server
    • Overview
    • Kernel based Virtual Machine
    • Supported Platforms for CMS with Global HA
    • Hardware Resource Requirements
    • Installation Files
    • Setting Up a CMS
  • Configuring Appliances for Central Management
    • Overview
    • Firmware Compatibility with the CMS
    • Enabling Central Management on SMA Appliance
    • Registering an SMA Appliance with the CMS
    • Previously Configured Appliances
  • Using the Management Console Menus
    • Overview
    • Dashboard
      • Alerts
      • Appliances Pane
      • Appliance Load
      • Central License Usage Pane
      • About Pane
    • Management Server
      • Alerts
        • View Alerts
        • Configure Alerts
        • Notification
      • Configure
        • Central Management Settings
        • CMS Address Pool
        • Licensing
        • Administrators
          • General Settings
        • Network Settings
        • SSL Settings
        • Services
          • Manage SSH settings from CMS
      • Monitor
        • Configure the logging setting for Managed appliances
      • Maintain
    • Managed Appliances
      • Add/Remove
      • Configure
        • Overview
        • Configuring the Managed Appliances
          • Define Policy
          • Synchronize
        • Support multiple policies with CMS and shared licensing
          • Applying authentication servers to specific appliance
          • Applying SMTP configuration service to specific appliance
          • Applying SMS service to specific appliance
          • Applying realms to a subset of appliance
          • Assign rules to a subset of appliances
          • Support multiple GTO services
      • Monitor
        • User Sessions
        • Reports
        • Health
      • Maintain
  • Central User Licensing
    • Overview
    • How Central User Licenses Work
      • Central Spike User Licenses
      • Central Email Licenses
      • Perpetual Pooled Licenses
    • Enabling Central User Licensing
    • Getting Started with Central User Licensing
      • Setting Up CMS to Use Central User Licenses
      • Setting up CMS for Centralized Appliance Configuration and Management
      • Resetting a CMS License
  • Global High Availability
    • High Availability of the VPN Service
    • High Availability of the CMS
    • Disaster Recovery for the VPN Service
  • Alerts and SNMP
    • Overview
    • Pre-Configured Alerts
    • Configuring SNMP
  • Capture Advanced Threat Protection
    • Enabling Capture ATP
    • File Options
    • Web Services
    • Advanced Settings
  • Central FIPS Licensing
• Global High Availablity
  • Introduction to Global HA and GTO
  • Planning GTO Deployment
    • Choosing a Deployment Model
    • Minimizing Configuration Differences
    • GTO Service Names and DNS Delegations
    • Provisioning Certificates
      • Let's Encrypt
      • Adding Certificates to SMA Appliances
      • Generating a Certificate Signing Request (CSR)
      • Importing SSL Certificates
  • Setting up GTO
    • Setting up the CMS and SMA appliances
    • Enabling GTO service for managed appliances with the CMS
    • Setting up a Basic GTO Service
    • Monitoring and Configuring GTO
    • Defining the Central Policy
  • Extending GTO Deployment
    • Enabling Cached Credentials
    • Additional Deployment Notes
• SonicWall Support
  • About This Document

Applying authentication servers to specific appliance

Prerequisites:

• SMA1000 CMS and minimum two managed appliances running firmware version 12.4.

To enable authentication server specific to appliance

1. Login to CMS.

2. Navigate to Managed Appliances > Configure.

3. Click Define Policy.

4. Under System Configuration, select Authentication Servers.

5. Click +New.

6. Select CMS Authentication Server as Authentication directory to create a Authentication server.

   

   CMS Authentication Server requires that all the authentication servers it maps to must be of the same type. For example, it can map a different AD authentication server configuration to different appliances, but it cannot map one appliance to AD and another to other authentication.

7. Enter the Name and select the Default Authentication Server.

   Not all authentication server types can be mapped. For example, local authentication is already shared across the cluster, so it cannot be mapped to an appliance in a CMS authentication server.

8. In the Appliance Authentication Server, select the required authentication server to be mapped.

   By default, the Use default option is set to all the appliance, like CMS address pools, a CMS authentication server has a default authentication server, then 0 or more appliances are mapped to other authentication servers of the same type.

9. Click Save and apply pending changes.

   

10. Proceed to synchronize policy.

    The Authentication server assigned to the specific appliance are enabled. The unassigned authentication servers are disabled after policy synchronization from CMS.

    During policy synchronization, the mapped appliance authentication server (or default if there is no mapping) is replaced in the appliance configuration.

• A CMS authentication server that is being used by a realm cannot be deleted.

• A non-CMS authentication server that is being used by a CMS authentication server cannot be deleted.

• A CMS authentication server can be a primary or secondary authentication server as long as the underlying authentication server type supports it.