SonicWall's SSO functionality (AD integration) requires an agent running on a machine somewhere on the network. It doesn't have to be a DC, but it does have to be a Windows OS. The agent does a WMI query against the client IP addresses requesting internet access and determines the logged in user.
On Tue, May 17, 2011 at 11:23 PM, Level 5 Lists <[email protected]> wrote: > We connected dual Sonicwalls for a 700 client office and did AD > integration, it required an app on the DC to run and sync back to the > Sonicwall IIRC. It didn't just pull LDAP queries. These were Sonicwall 5000 > series on 100MB fiber internet and gig metro-e ports. It did work however, > and we did OpenDNS in combination with the content filtering as a backup > option. I don't think we ever had an issue after the initial setup. > > On our smaller clients (10-50 or so) that use Sonicwall TZ devices, we > found ourselves using DHCP reservations, and doing whitelisting and bypass > filtering with separate logins. No real reporting so I wouldn't have much to > say on that. It only took a shortcut on the desktop for the 'admins' to get > to the Sonicwall login page to bypass. > > -----Original Message----- > From: Matthew W. Ross [mailto:[email protected]] > Sent: Tuesday, May 17, 2011 12:52 PM > To: NT System Admin Issues > Subject: RE: Sonicwall TZ100 content filtering > > Okay, I just got off the phone with the Sales Rep, and he assures me that > the new hardware will not run the "Basic" filtering at all, the only option > if you want filtering is the Premium. As you say, it's dirt cheap, so that's > okay. > > He also assures me that as long as we hook up the device to an LDAP or AD, > the user based security can do what we need. > > Thanks for all the feedback guys. This list is awesome. > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: Ben Serebin > [mailto:[email protected]] > To: NT System Admin Issues > [mailto:[email protected]] > Sent: Tue, 17 May 2011 > 09:22:37 -0700 > Subject: RE: Sonicwall TZ100 content filtering > > > > Hello Matt, > > > > You can whitelist per IP ranges (school admin IPs will get youtube, > > while kids won't or vice versa) if you get the Premium version. I > > would only ever recommend the Premium version (skip Standard). Like > > someone else said, this is the basics, don't expect real reporting, > > etc. Just blocking. It works pretty well. It's also dirt cheap ($83 > > for the TZ100 see url below). It's almost free that that price. I'm > > not promoting this site (but I've bought via them before). I've also > > deployed WebSense one of the most full featured content filtering > > solutions on the market, but it sounds like you need real basic filtering > which is what SonciWall offers for CF. > > > > http://www.sonicguard.com/ContentFilteringService.asp > > > > Another trick is to use DHCP MAC address reservations and allow all > > the computers to use DHCP but control who gets IP based and then have > > the filtering work that way. Or good ol' static IPs. There are > > different ways to deploy this. > > > > -Ben > > > > -----Original Message----- > > From: Matthew W. Ross [mailto:[email protected]] > > Sent: Tuesday, May 17, 2011 11:55 AM > > To: NT System Admin Issues > > Subject: RE: Sonicwall TZ100 content filtering > > > > The feature we really need is user based access in it's most basic form. > > Users are able to access sites A, B, and C, but nothing else (your > > basic > > whitelist) while letting a privileged user to also go to sites X, Y, > > and Z while still being filtered from xxx.com. I do not require AD > > integration or in depth reporting in this case. > > > > > If you're trying to do more complex filtering (e.g. whitelisting per > > > AD logged on user, skip it)... > > > > Does this mean it cannot do what I require? Thanks again for your > feedback. > > > > > > --Matt Ross > > Ephrata School District > > > > > > ----- Original Message ----- > > From: Ben Serebin > > [mailto:[email protected]] > > To: NT System Admin Issues > > [mailto:[email protected]] > > Sent: Tue, 17 May 2011 > > 06:36:13 -0700 > > Subject: RE: Sonicwall TZ100 content filtering > > > > > > > Hello Matt, > > > > > > It works well if all computers are treated equally. Simple, > > > effective, and low cost. If you're trying to do more complex > > > filtering (e.g. whitelisting per AD logged on user, skip it), but if > > > you can whitelist based on IP ranges, it works well (requires CFS > > > Premium > > version). > > > > > > -Ben > > > > > > REEF Solutions > > > Technology & Exchange Server Consulting > > > ------------------------------------------------------------------ > > > Founder / President > > > New York Exchange User Group > > > 1st and Only Microsoft Exchange Server Group in NYC www.nyexug.com > > > > > > -----Original Message----- > > > From: Matthew W. Ross [mailto:[email protected]] > > > Sent: Tuesday, May 17, 2011 5:37 AM > > > To: NT System Admin Issues > > > Subject: Sonicwall TZ100 content filtering > > > > > > Sorry for the previous blank post, it was sent prematurely. > > > > > > I know some of you guys are fans of the SonicWalls. I'm looking at > > > the > > > TZ100 for a remote lab of 12 workstations. What I'd like your > > > opinion on is the content filtering feature. I'll be getting a sales > > > pitch tomorrow, I'm sure... But any feedback for or against the > > > filtering will be helpful while evaluating this solution. > > > > > > Thanks in advance. > > > > > > > > > --Matt Ross > > > Ephrata School District > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > --- > > > To manage subscriptions click here: > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > or send an email to [email protected] > > > with the body: unsubscribe ntsysadmin > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > --- > > > To manage subscriptions click here: > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > or send an email to [email protected] > > > with the body: unsubscribe ntsysadmin > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
