SonicWALL SSL-VPN 2000 Administrator's Manual page 238

Optionally select the Enable client certificate enforcement checkbox to require the use of
Step 5
client certificates for login. By checking this box, you require the client to present a client
certificate for strong mutual authentication. Two additional fields will appear:
Verify user name matches Common Name (CN) of client certificate - Select this
•
checkbox to require that the user's account name match their client certificate.
Verify partial DN in subject - Use the following variables to configure a partial DN that will
•
match the client certificate:
User name: %USERNAME%
–
Domain name: %USERDOMAIN%
–
Active Directory user name: %ADUSERNAME%
–
Wildcard: %WILDCARD%
–
To require the use of one-time passwords for the specified user to log into the appliance, select
Step 6
the Require one-time passwords checkbox.
Enter the user's email address into the E-mail address field to override any address provided
Step 7
by the domain. For more information about one-time passwords, see the
Overview" section on page
To configure email to external domains (for example, SMS addresses or external webmail
Note
addresses), you need to configure the SMTP server to allow relaying between the SSL-VPN
and that domain.
To apply the policy you selected to a source IP address, select an access policy (Allow or
Step 8
Deny) in the Login From Defined Addresses drop-down list under Login Policies by Source
IP Address, and then click Add under the list box. The Define Address dialog box is displayed.
In the Define Address dialog box, select one of the source address type options from the
Step 9
Source Address Type drop-down list.
IP Address - Enables you to select a specific IP address.
–
IP Network - Enables you to select a range of IP addresses. If you select this option, a
–
Network Address field and Subnet Mask field appear in the Define Address dialog
box.
IPv6 Address - On SonicWALL SSL-VPN models 2000 and higher, this enables you to
–
select a specific IPv6 address.
IPv6 Network - On SonicWALL SSL-VPN models 2000 and higher, this enables you to
–
select a range of IPv6 addresses. If you select this option, a IPv6 Network field and
Prefix field appear in the Define Address dialog box.
Provide appropriate IP address(es) for the source address type you selected.
Step 10
IP Address - Type a single IP address in the IP Address field.
–
IP Network - Type an IP address in the Network Address field and then supply a
–
subnet mask value that specifies a range of addresses in the Subnet Mask field.
IPv6 Address - On SonicWALL SSL-VPN models 2000 and higher, type an IPv6
–
address, such as 2007::1:2:3:4.
IPv6 Network - On SonicWALL SSL-VPN models 2000 and higher, type the IPv6
–
network address into the IPv6 Network field, in the form 2007:1:2::. Type a prefix into
the Prefix field, such as 64.
Click Add. The address or address range is displayed in the Defined Addresses list in the Edit
Step 11
User Settings dialog box. As an example, if you selected a range of addresses with
10.202.4.32 as the network address and 255.255.255.240 (28 bits) as the subnet mask value,
28.
SonicWALL SSL VPN 4.0 Administrator's Guide
Users > Local Users
"One Time Password
225