Dell SonicWall Network Security Appliance Integration
This guide explains the configuration of multi-factor authentication (MFA) for Dell SonicWall Network Security Appliance utilizing Mirket as the identity provider.
Prior configuration and deployment of SonicWall Network Security Appliance are required before setting up MFA with Mirket. SonicWall Network Security Appliance offers various MFA configuration modes. In this integration, we've configured RADIUS authentication with Mirket.
The integration was tested using SonicOS Enhanced 6.2.7.1-23n on SonicWall Network Security Appliance TZ 400.
Before proceeding with these procedures, ensure the following:
You've completed the installation and configuration of the Mirket (go to Mirket Installation Steps).
End-users can access the SonicWall Network Security Appliance.
For RADIUS authentication in the SonicWall Network Security Appliance, you need to configure a RADIUS server (the Mirket server IP address) within the users configuration.
Access the SonicWall Network Security Appliance web UI.
Go to Users > Settings.
Click on the Configure RADIUS option.
Input 60 in the RADIUS Server Timeout(seconds) field.
Choose the Simple-Name option from the User Name Format dropdown list.
Input the IP address of the Mirket (Radius Server) in the Name or IP Address field, under the Primary Server section.
Input the port number for communication with the Mirket (Radius Server) in the Port Number field, under the Primary Server section. The default ports are 1812 and 1645.
Select the RADIUS Users tab. Then choose the Use RADIUS Filter-Id attribute on RADIUS server radio box.
Choose the SSLVPN Services option from the Default user group to which all RADIUS users belong dropdown list. Then click on OK to confirm settings.
Afterward, activate RADIUS user authentication in the user authentication settings.
Go to Users > Settings.
Choose the RADIUS option from the User authentication method dropdown list. Then click on Accept to confirm settings.
Go to SSL VPN > Server Settings. Then, choose the WAN option under the SSL VPN Status on Zones section.
Input the port number to use in the SSL VPN Port field.
Enter your domain name in the User Domain field. Then, click on Accept to confirm settings.
Go to SSL VPN > Client Settings. Then click on the Configure option under the Default Device Profile section.
Choose the Create a new network option from the Network Address IPV4 dropdown list.
Enter an identifying network name in the Name field.
Choose the Network option from the Type dropdown list.
Input an IP address in the Network field.
Input a network mask value in the Netmask/Prefix Length field. Then click on OK to confirm settings.
Now, you can choose the network you created from the Network Address IPV4 dropdown list.
Select the Client Routes tab. Then, choose one or more networks from the Networks list and include them in the Client Routes list.
Select the Client Settings tab and configure your client settings. Then click on OK to confirm settings.
To enable Mirket to receive authentication requests from SonicWall, follow these steps:
Define SonicWall as a RADIUS client resource within Mirket.
Create an authentication policy for the SonicWall RADIUS client resource or include it in an existing authentication policy.
Attach the SonicWall resource to the Mirket Radius.
Before starting, ensure that you have installed NPS (Network Policy Server) from Server Manager. Once installed, open the Network Policy Server. To add a Radius Client to the NPS, follow these steps:
Click on the 'Radius Clients and Server' folder and select the 'Configure Radius Clients' option.
Hover over the 'Radius Clients' option, right-click using the mouse, and select New.
In the window that appears, assign a name to your Radius Client in the Friendly Name section.
Enter the IP address of your firewall in the Address (IP or DNS) section.
Select either the 'Manual' or 'Generate' option to enter your secret key in the Secret Key section.
Click OK to confirm settings.
To set up multifactor authentication, make sure you have at least one user group in Mirket.
To use a local user, first create a local group, then create a local user and make the user a member of that group.
To use LDAP users, first create the LDAP group in Mirket by pulling users from Active Directory or OpenLDAP.
Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP etc.).
First, you should follow these steps:
Select Rules > Radius Rules.
Click on Add New.
Enter a rule name in the Name field.
Enter the rule description in the Description field.
Select the group to which the rule applies from the Group dropdown list.
Select the provider to which the rule applies from the Provider dropdown list.
Select the authorization profile to which the rule applies from the Authorization dropdown list.
Click on Save to confirm settings.
To validate the integration between Mirket MFA and your SonicWall Network Security Appliance, perform authentication using a mobile token on your mobile device. For RADIUS resources, available authentication methods include Approve/Deny authentication.
In this example, we illustrate the use of the Approve/Deny authentication method.
Launch the SonicWall NetExtender client application.
Input the SonicWall Network Security Appliance WAN Interface IP address and SSL VPN port in the Server field.
Enter your Mirket username in the Username field.
Input the password in the Password field.
Enter the domain for your remote SSL VPN connection in the Domain field.
Click on Connect. Then immediately select the 'Approve' option (found in the Mirket mobile app) before the request times out.
Click on the Accept option in the Security Alert warning box.
Input a shared secret key to communicate with the RADIUS server (Mirket Radius) in the Shared Secret field, under the Primary Server section. In Mirket use this same secret key when .
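Why the shared secret must be identical on SonicWall and on the RADIUS server, and where the Filter-Id attribute selected in the RADIUS Users tab travels, shown as an added example that is not part of the original guide or of SonicWall's or Mirket's code. It follows RFC 2865 (password hiding, Response Authenticator) and the RFC 2869 Message-Authenticator; the function names are illustrative, build_accept is a constructed stand-in for the server's reply, and all secrets, user names and Filter-Id values passed to it are sample inputs.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, FILTER_ID, MESSAGE_AUTH = 1, 2, 11, 80

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_request(user, password, secret, ident, req_auth):
    attrs = attr(USER_NAME, user)
    attrs += attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    attrs += attr(MESSAGE_AUTH, b"\x00" * 16)  # zeroed while the HMAC is computed
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def build_accept(request, secret, filter_id):
    """Constructed stand-in for the server's Access-Accept carrying Filter-Id."""
    attrs = attr(FILTER_ID, filter_id)
    head = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20 + len(attrs))
    auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + auth + attrs

def verify_response(response, request, secret):
    """True only if the reply was built with the same shared secret and is unmodified."""
    want = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return response[1] == request[1] and hmac.compare_digest(want, response[4:20])

def attributes(packet):
    """Parse type-length-value attributes after the 20-byte header."""
    out, i = {}, 20
    while i < len(packet):
        if i + 2 > len(packet) or packet[i + 1] < 2 or i + packet[i + 1] > len(packet):
            raise ValueError("malformed attribute")
        out[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return out
```

A client that follows RFC 2865 silently discards a reply that fails this check, so a secret mismatch between the two sides looks like a timeout rather than a rejected login.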