Table of Contents
Advertisement
When importing a user from AD, the user is placed into the local Secure Mobile Access group with which they
have the most AD groups in common. For example: Bob belongs to the Users, Administrators, and Engineering
AD groups. If one Secure Mobile Access group is associated with Users, and another is associated with both
Administrators and Engineering, Bob is assigned to the Secure Mobile Access group with both Administrators and
Engineering because it matches more of his own AD groups.
The goal of this use case is to show that Secure Mobile Access firmware supports group-based access policies by
configuring the following:
•
Allow Acme Group in Active Directory to access the 10.200.1.102 server using SSH
•
Allow Mega Group in Active Directory to access Outlook Web Access (OWA) at 10.200.1.10
•
Allow IT Group in Active Directory to access both SSH and OWA resources defined previously
•
Deny access to these resources to all other groups
This example configuration is provided courtesy of Vincent Cai, June 2008.
Figure 67. Network Topology
Perform the tasks in order of the following sections:
•
Creating the Active Directory Domain
•
Adding a Global Deny All Policy
•
Creating Local Groups
•
Adding the SSHv2 PERMIT Policy
•
Adding the OWA PERMIT Policies
•
Verifying the Access Policy Configuration
Creating the Active Directory Domain
This section describes how to create the Secure Mobile Access Local Domain, SNWL_AD. SNWL_AD is associated
with the Active Directory domain of the OWA server.
1
Log in to the Secure Mobile Access management interface and navigate to the Portals > Domains page.
on page
on page
456
on page
457
on page
459
on page
460
on page
455
462
Dell SonicWALL Secure Mobile Access 8.5
455
Administration Guide
Advertisement
Chapters
Table of Contents
Troubleshooting
