Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

SonicWall SSO and RADIUS Accounting

This thread has been viewed 6 times

  • 1.  SonicWall SSO and RADIUS Accounting

    Posted Aug 29, 2013 12:54 PM

    Hi,

     

    We are in the midst of configuring an Aruba solution which utilises a SonicWall appliance to apply policy to AD authenticated users.

    It does so by establishing RADIUS Accounting relationships and inspecting the packets for AD usernames which it subsequently lookups against AD.

     

    All accounting messages are working between the Clearpass and Aruba controllers, but how can I forward these on to the SonicWall appliance?

     

    The Clearpass is correctly authenticating AD users and applying the correct user roles, so am happy that is working as expected.



  • 2.  RE: SonicWall SSO and RADIUS Accounting

    Posted Sep 02, 2013 09:29 AM

    You can't forward on the RADIUS accounting packets. You can defined multiple RADIUS servers in the server group on the controller but the 2nd server only gets used if the 1st server doesn't respond.



  • 3.  RE: SonicWall SSO and RADIUS Accounting

    Posted Sep 03, 2013 03:36 AM

    Hi David,

     

    Yeah I managed to find a similar post in the end. We have found a way to achieve this though by having the Sonicwall appliance forward on the RADIUS Accounting messages from the WLCs to the CPPM. Still some testing to do, but on the face of it, all would appear to be working as expected.

     

    Thanks again.



  • 4.  RE: SonicWall SSO and RADIUS Accounting

    Posted Jun 19, 2015 02:10 AM

    Hi,

    Wondering if you could share your experiance in here of what configuration you did on Sonicwall or you controllers in order for Sonicwall to see the Wireless users as authenticated users.

    Thanks,

     



  • 5.  RE: SonicWall SSO and RADIUS Accounting

    Posted Jun 19, 2015 02:29 AM
    Hi Habibalby,

    It's been some time since I worked on this, but I believe we setup the SonicWall as our RADIUS accounting server on the WLC. The SonicWall appliance would then use these accounting packets in its SSO configuration to find the username and state and then forward the accounting packets on to Clearpass. Hope this helps!


  • 6.  RE: SonicWall SSO and RADIUS Accounting

    Posted Jun 19, 2015 02:34 AM

    Hello,

    Thanks for your reply, I have defined our Sonicwall into WLC 5508 as accounting Server, and defined the same configuration in Sonicwall as well, but I can't get it working :)

    Regards,



  • 7.  RE: SonicWall SSO and RADIUS Accounting

    Posted Jun 19, 2015 03:23 AM
    Have you tried the suggested configuration as per the link
    https://support.software.dell.com/kb/sw11075


  • 8.  RE: SonicWall SSO and RADIUS Accounting

    Posted Jun 19, 2015 03:30 AM

    Hi,

    Yes, I have tried this method  and watched couple of youtube vidoes, but not luck :)  And my configuration it looks the same how it listed in the KB artical.

     

    Regards,

     



  • 9.  RE: SonicWall SSO and RADIUS Accounting

    Posted Jun 19, 2015 10:43 AM

    In ArubaOS 6.4 you can define multiple RADIUS accounting servers so this would also get around the problem.



  • 10.  RE: SonicWall SSO and RADIUS Accounting

    EMPLOYEE
    Posted Jun 19, 2015 11:04 AM
    What version of cppm?


  • 11.  RE: SonicWall SSO and RADIUS Accounting

    Posted Jun 20, 2015 05:27 AM

    Hi,

    it's 6.5.0.31375  - CP-HW-5K 

    Sonicwall Version NSA E-Class 6600 Firmware version: SonicOS Enhanced 6.2.2.1-14n