SonicOS 8 Users

NTLM

NTLM browser authentication allows the SonicWall to automatically authenticate the user of a browser directly with no SSO agent involvement.

NTLM authentication is supported by Mozilla-based browsers and can be used as a supplement to identifying users via an SSO agent or, with some limitations, on its own without the agent. The firewall interacts directly with the browser to authenticate the user. Users logged in with domain credentials are authenticated transparently; in other cases the user may need to enter credentials to log in to the appliance, but should only need to do so once as the credentials are saved.

  1. Navigate to the Device > Users > Settings > Authentication page.
  2. Next to Configure SSO, click Configure.

    The SSO Configuration page is displayed.

  3. Under the NTLM tab, select the following:

    1. Select Use NTLM to authenticate HTTP/HTTPS traffic to use NTLM authentication.

    2. Select Use the domain from the LDAP configuration to use the same domain that is used in the LDAP configuration.

    3. In Authentication domain, enter the full DNS name of the firewall’s domain in the form “www.somedomain.com”.

    4. In Redirect the browser to this appliance via, select one of the following options to determine how a user’s browser is initially redirected to the firewall’s own Web server:

      • The interface IP address: Select this to redirect the browser to the IP address of the appliance Web server interface.

      • Its domain name from a reverse DNS lookup of the interface IP address: Enables the Show Reverse DNS Cache button at the bottom of the window; when clicked, a popup displays the appliance Web server’s Interface, IP Address, DNS Name, and TTL in seconds. Click the button to verify the domain name (DNS name) being used for redirecting the user’s browser.

      • Its configured domain name: Use the firewall's domain name as configured on the Device > Settings > Administration page.

      • The name from the administration certificate: Use the imported certificate that is selected for HTTPS Web Management on the Device > Settings > Administration page.

    5. In Maximum retries to allow on authentication failure, enter the number of retries.

    6. If you are using older legacy servers that require legacy LAN Manager components to be included in NTLM messages, select Forward legacy LanMan in NTLM.

    7. To detect when users log out, select the polling method to be used by the appliance for Windows, Linux, and Macintosh users in the On the poll timer, for users authenticated via NTLM options. Select one of the following methods for users on each type of computer:

      • Re-authenticate via NTLM: This method is transparent to the user if the browser is configured to store the domain credentials, or the user instructed the browser to save the credentials.

      • Don’t re-authenticate: If you select this option, logout will not be detected other than via the inactivity timeout.

  4. Click Save.
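
Related to step 6, the following added example (not SonicWall code) classifies an NTLM AUTHENTICATE message taken from an HTTP Authorization header to show whether it carries a legacy LAN Manager response. The field offsets follow the published NTLM message layout; the function names and the sample messages are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def _field(msg: bytes, pos: int) -> bytes:
    """Follow one (Len, MaxLen, BufferOffset) descriptor to its payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def classify_authenticate(header_value: str) -> str:
    """Classify the responses carried in an 'NTLM <base64>' Authorization value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM authorization value")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 28 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE (type 3) message")
    lm = _field(msg, 12)  # LmChallengeResponse descriptor
    nt = _field(msg, 20)  # NtChallengeResponse descriptor
    if len(nt) > 24:
        return "ntlmv2"
    if len(nt) != 24:
        return "unknown"
    if len(lm) != 24 or lm == nt:
        return "ntlmv1-no-lanman"  # LM field empty or a copy of the NT response
    if lm[8:] == bytes(16):
        return "ntlmv1-ess"  # 8-byte client nonce padded with zeros
    return "ntlmv1-with-lanman"  # a real LAN Manager response is present

def build_sample(lm: bytes, nt: bytes) -> str:
    """Constructed input: a minimal type 3 message with only LM/NT populated."""
    fields, payload = b"", b""
    for data in (lm, nt, b"", b"", b"", b""):
        fields += struct.pack("<HHI", len(data), len(data), 64 + len(payload))
        payload += data
    msg = SIGNATURE + struct.pack("<I", 3) + fields + struct.pack("<I", 0) + payload
    return "NTLM " + base64.b64encode(msg).decode()

if __name__ == "__main__":
    samples = {
        "legacy client": build_sample(b"\x11" * 24, b"\x22" * 24),
        "ess client": build_sample(b"\x33" * 8 + bytes(16), b"\x22" * 24),
        "ntlmv2 client": build_sample(bytes(24), b"\x44" * 60),
    }
    for name, value in samples.items():
        print(f"{name}: {classify_authenticate(value)}")
```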
