Dell SonicWALL Directory Services

Connector 4.0
Administration Guide

2016 Dell Inc.

ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a
software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the
applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying and recording for any purpose other than the purchasers personal use without the written
permission of Dell Inc.
The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or
otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT
AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO
LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR
INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS
OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of
the contents of this document and reserves the right to make changes to specifications and product descriptions at any time
without notice. Dell does not make any commitment to update the information contained in this document.
If you have any questions regarding your potential use of this material, contact:
Dell Inc.
Attn: LEGAL Dept.
5 Polaris Way
Aliso Viejo, CA 92656
Refer to our website (software.dell.com) for regional and international office information.
Patents
For more information, go to http://software.dell.com/legal/patents.aspx.
Trademarks
Dell, the Dell logo, SonicWALL, and all other SonicWALL product and service names are trademarks of Dell Inc. Other trademarks
and trade names may be used in this document to refer to either the entities claiming the marks and names or their products.
Dell disclaims any proprietary interest in the marks and names of others.

Legend
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
Dell SonicWALL Directory Services Connector Administration Guide
Updated - December 2016
Software Version - 4.0
232-002911-00 Rev. C

Contents
Part 1. Introduction
Using This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Organization of This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Directory Services Connector Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
About Directory Services Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
About Polling and Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
About Single Sign-On and the SSO Agent with Active Directory . . . . . . . . . . . . . . . . 8
About User Identification Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
About Client Probing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
About Domain Controller Querying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
About Exchange Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
About Novell eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
About Using Samba on Linux/UNIX Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
About NetBIOS Name Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Platform Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
SonicWALL Appliance/Firmware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . .13
Virtual Environment Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
eDirectory Server Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Exchange Server Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Domain Controller Server Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
SSO Agent Platform Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Client Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Citrix or Terminal Services Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Part 2. Installation and Configuration

Installing and Configuring the SSO Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Installing the SSO Agent with Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Installing the SSO Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Installed Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Configuring Dell SonicWALL Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Configuring SSO Agent Communication Properties . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Configuring Domain Controller Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Configuring Exchange Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
Configuring Novell eDirectory Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Configuring Remote SSO Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Using the Configuration Tool Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Using the File Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Using the View Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Using the Action Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Using the Help Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Dell SonicWALL Directory Services Connector 4.0
Administration Guide

Part 3. Appendices
Warranty and Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
GNU General Public License (GPL) Source Code . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Limited Hardware Warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
End User Licensing Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
About Dell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

Part 1
Introduction
Using This Guide
Directory Services Connector Overview

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

1
Using This Guide
About This Guide
The Dell SonicWALL Directory Services Connector Administration Guide provides information about installing
and configuring the Dell SonicWALL Single Sign-On Agent and other elements of Directory Services Connector
(DSC).
Always check https://support.sonicwall.com/ for the latest version of this manual as well as other Dell
SonicWALL products and services documentation.

Organization of This Guide

The Dell SonicWALL Directory Services Connector Administration Guide is structured into the following parts:

Chapter 1 Using this Guide

This chapter provides helpful information for using this guide. It includes conventions used in this guide,
information on how to obtain additional product information, and a summary of the chapters in the guide.

Chapter 2 Directory Services Connector Overview

This chapter provides an overview of Directory Services Connector. It includes an introduction to DSC,
information about user identification methods, and platform compatibility information.

Chapter 3 Installing and Configuring the SSO Agent

This chapter provides installation and configuration procedures for the various components of the SSO Agent
and DSC Configuration Tool.

Appendix A Support Information

This appendix provides the Limited Hardware Warranty, End User Licensing Agreement, and Dell SonicWALL
Support contact information.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

2
Directory Services Connector Overview
This section provides an overview of the Dell SonicWALL Directory Services Connector (DSC). It includes an
introduction to DSC and the SSO Agent, along with the supported user identification methods and platform
compatibility.

Topics:

About Directory Services Connector on page 7

About User Identification Methods on page 9

Platform Compatibility on page 13

About Directory Services Connector

Dell SonicWALL Directory Services Connector includes the Dell SonicWALL Single Sign-On Agent (SSO Agent) as
well as certain configuration functions. The SSO Agent provides centralized user identification to Dell
SonicWALL network security appliances, interacting with the SonicOS Single Sign-On feature.
Directory Services Connector provides integration with both Active Directory and Novell eDirectory. Specifically,
these are supported as follows:
1

Dell SonicWALL SuperMassive series, E-Class NSA series, NSA series, and TZ
600/500/400/300/215/210/205/200/105/100 series appliances to achieve transparent, automated
Single-Sign-On integration with both Active Directory and Novell eDirectory.

SonicWALL PRO and TZ 190/180 series appliances to achieve Single-Sign-On integration with Active
Directory.

The Dell SonicWALL appliance can use Active Directory or Novell eDirectory to authenticate users and determine
the filtering policies to assign to each user or user group. The SSO Agent identifies users by IP address and
automatically determines when a user has logged out to prevent unauthorized access.
Along with the username information, the SSO Agent sends the following information to the appliance:

The Domain Controller on which information about logged in users is found.

The User Detection mechanism used by the Agent to find logged in users.
NOTE: It is normal for the system running Dell SonicWALL Directory Services Connector to have high CPU
activity for the first 24 hours after installation, while the software creates a database of the user
network.

Topics:

About Polling and Notification on page 8

About Single Sign-On and the SSO Agent with Active Directory on page 8

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

About Polling and Notification

The SSO Agent can work both passively and actively. In the default configuration, both methods are used.
In passive mode, SonicOS on the Dell SonicWALL network security appliance sends a request that contains an IP
address to the SSO Agent. The SSO Agent identifies the username associated with the IP address and then sends
the result back to SonicOS.
In active mode, the SSO Agent attempts to detect user logon and logoff events and sends notifications to
SonicOS.

About Single Sign-On and the SSO Agent with Active

Directory
Single Sign-On (SSO) is a transparent user-authentication mechanism that provides privileged access to multiple
network resources with a single workstation login. Dell SonicWALL security appliances provide SSO functionality
using the Dell SonicWALL Single Sign-On Agent (SSO Agent) to identify user activity based on workstation IP
address.
SSO is configured in the Users > Settings page of the SonicOS management interface. SSO is separate from the
authentication method for login settings that can be used at the same time for authentication of VPN/L2TP
client users or administrative users.
The Dell SonicWALL SSO Agent identifies users by polling/monitoring security log in Active Directory server and
sends user login/logout notification to the appliance when it detects user login/logout. See Figure 1. Based on
data from the SSO Agent, the Dell SonicWALL security appliance queries LDAP or the local database to
determine group membership. Memberships are optionally checked by firewall policies to control who is given
access, and can be used in selecting policies for Content Filtering and Application Firewall to control what they
are allowed to access.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

Figure 1. Identifying users

Note to Step 6: The appliance polls users if the identify mechanism is WMI/NetAPI. If the identify
mechanism is DC Security log mode, the SSO Agent sends log off notifications to the firewall.

User names learned through SSO are reported in the Dell SonicWALL appliance logs of traffic and events from
the users. The configured inactivity timer applies with SSO, but the session limit does not, though users who are
logged out are automatically and transparently logged back in when they send further traffic.
Users logged into a workstation directly, but not logged into the domain, cannot be authenticated. For users
that are not logged into the domain, an Authentication Required screen displays, indicating that a manual login
is required for further authentication. If the workstation joins the Windows domain, the logged on user can be
detected by WMI/NetAPI. The returned user name includes a Local: prefix. For example, Local:user01.
Users that are identified, but lack the group memberships required by the configured policy rules, are
redirected to an Access Barred page.

About User Identification Methods

The SSO Agent supports the user identification methods described in the following sections:

About Client Probing on page 10

About Domain Controller Querying on page 10

About Exchange Servers on page 11

Dell SonicWALL Directory Services Connector 4.0
Administration Guide

About Novell eDirectory on page 11

About Using Samba on Linux/UNIX Clients on page 12

About NetBIOS Name Support on page 12

About Client Probing

Client Probing includes both Windows Management Instrumentation (WMI) and NetAPI probing methods.
WMI is the infrastructure for management data and operations on Windows-based operating systems. The SSO
Agent sends a WMI request to the client, and then determines the username and domain name by examining
certain processes on the client machine.
NetAPI is another interface based on Windows DCE-RPC service. In this case, the SSO Agent sends a request that
lists the users logged into the client workstation. This list includes interactive, service and batch log ons. The
SSO Agent then determines the correct user name in this list. The NetAPI method is much faster than the WMI
method, but might not always yield a correct username.
Windows Firewall might block both methods by default. To enable:

WMI methods in the Windows Firewall, you can select Windows Management Instrumentation in the
Control Panel > All Control Panel Items > Windows Firewall > Allowed Programs.

The NetAPI method in Windows Firewall, you can select File and Printer Sharing.

Because the Windows API does not provide an interface to set the timeout for both probing methods, the
default timeout is set to three seconds when the IP address is not accessible or when the connection is dropped
by the Windows Firewall. The SSO Agent first creates a TCP connection to the target machine to check the
connectivity. For WMI, the port is 445. For NetAPI, the port is 135. The default timeout is 3 seconds for both
methods.
If a user logs onto a machine using a local account instead of a Windows domain account, the SSO Agent can
only identify this user through a Client Probing method. This is because the other methods all involve Active
Directory. When the administrator enables the WMI/NetAPI Scanner option in Directory Services Connector, the
SSO Agent will repeatedly probe these IP addresses using Client Probing methods. The SSO Agent can detect
when the user has logged off, and it sends a log off notification to SonicOS.

About Domain Controller Querying

The Domain Controller (DC) is a server that responds to security authentication requests (logging in, checking
permissions, and so on), within the Windows Server domain. Two methods are supported that identify users who
log on to the Windows domain. They are the DC Security Log and Server Session methods.
Topics:

About DC Security Logs on page 10

About Server Sessions on page 11

About Enabling Audit Logs in DC Policy on page 11

About Using Non-Admin Accounts to Access the DC Security Logs for SSO on page 11

About DC Security Logs

In Microsoft Windows, the Security Log contains records of log in and log out activity or other security-related
events specified by the system's audit policy. When a domain user tries to log in to the domain network, the
domain controller logs a message in the security log. The SSO Agent monitors event messages with specific
Event IDs, and notifies SonicOS of the user information and logoff status.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

10

About Server Sessions

Any connection to a file or print service creates a session in the servers session table. In the normal
operation of an AD domain, users on Windows systems connect to the sysvol share on the domain controller to
check for new Group Policy Objects every one to two hours. The user appears in the session table for about five
minutes each time. Log out messages are sent to the firewall when the SSO Agent cannot find the user after two
hours.
Usually, Server Sessions is a more efficient method than DC Security logs, but sometimes, Server Sessions is not
as accurate. In multiple domain environments, incorrect domain names might be reported. If the user switches
between two logged on usernames, the SSO Agent cannot detect it.

About Enabling Audit Logs in DC Policy

Audit Logon is disabled by default in Windows Server. Steps to enable Audit Logon are provided in the following
sections:

Setting Group Policy to Enable Audit Logon on Windows Server 2008 on page 34

Setting Group Policy to Enable Audit Logon on Windows Server 2003 on page 35

About Using Non-Admin Accounts to Access the DC Security

Logs for SSO
SSO Agent service users do not have to be domain administrators. You can also use a normal domain user with
some additional permissions granted, for access. For more information, refer to the Configuring a Non-Admin
Domain Account for SSO Agent to Read Domain Security Logs Configuration Guide.

About Exchange Servers

When a user logs on to a computer that is not in the domain, the DC server does not have the user and IP
address information. Typically, this is handled by the Client Probing method. You can also use the Exchange
Server to identify the user.
This works only as a supplement to the Domain Security Log method. Although it works for machines not joined
to a domain, it only works if users use Microsoft Outlook after logging in.
If the user opens Outlook to send or receive mail using a domain user name and credentials, both the DC and
Exchange Server log events for this activity. On the DC, the event is logged, but the IP address given is not the
real source. Instead, it points to the Exchange Server. On the Exchange server, a security log entry is made that
contains both the user name and the source IP address. Each time Outlook receives email; there is also an event
recorded by the Exchange server. The SSO Agent can monitor these events in the Exchange security log.

About Novell eDirectory

Novell eDirectory (formerly known as Novell Directory Services (NDS), sometimes referred to as NetWare
Directory Services) is an X.500-compatible directory service software product initially released in 1993 by Novell
for centrally managing access to resources on multiple servers and computers within a given network.
eDirectory is a hierarchical, object oriented database used to represent certain assets in an organization in a
logical tree, including organizations, organizational units, people, positions, servers, volumes, workstations,
applications, printers, services, and groups.
When a user logs on to an eDirectory network, the users IP address is added to the networkAddress field in the
user's record. If the user logs on to the eDirectory network multiple times from different machines, there will
be multiple networkAddress fields. If the user logs off the eDirectory network properly, the corresponding
networkAddress field is removed immediately. Otherwise the field is kept for some time before it is removed.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

11

For this user identification method, the SSO Agent repeatedly queries the eDirectory using the LDAP protocol;
see Figure 2.
Figure 2. User identification with eDirectory

The sequence of events shown in Figure 2 is:

1

The user logs into the network and authenticates with eDirectory.

The user initiates a request for an Internet resource (such as a Web page, an audio or video stream, or a
chat program). The Dell SonicWALL network security appliance detects the request.

The Dell SonicWALL appliance queries the SSO Agent.

The SSO Agent queries the eDirectory server about the user.

The SSO Agent communicates the users content filtering policies to the Dell SonicWALL appliance, based on the
users individually assigned policies and any policies inherited from groups and from organizational units. The
Dell SonicWALL appliance allows, logs, or blocks the users request, based on the users content filtering
policies.

About Using Samba on Linux/UNIX Clients

Samba 3.0 or newer can be installed on Linux/UNIX clients for use with Dell SonicWALL SSO. Samba is a software
package used on Linux/UNIX machines to give them access to resources in a Windows domain (by way of
Sambas smbclient utility). A user working on a Linux PC with Samba in a Windows domain can be identified
through the SSO, but it requires proper configuration of the Linux PC, and possibly some reconfiguration of the
appliance, as described in the Using Single Sign-On with Samba technote.
Without Samba, Linux PCs do not support the Windows networking requests that are used by the Dell SonicWALL
SSO Agent, and therefore, do not work with NetAPI or WMI client probing methods. Linux users can still get
access, but they need to log in to do so. They can be redirected to the login prompt if policy rules are set to
require authentication.
Without Samba, the DC Security Log method will work for using Single Sign-On with Linux clients.

About NetBIOS Name Support

Windows provides support for applications that use the NetBIOS networking APIs and the flat NetBIOS names.
This allows identification of Windows domains for computers that are running Windows. A fully qualified domain
name (FQDN), sometimes also referred to as an absolute domain name, is a domain name that specifies its

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

12

exact location in the tree hierarchy of the Domain Name System (DNS). It specifies all domain levels, including
the top-level domain and the root zone.
Both the NetBIOS name and the FQDN domain name can be found through an LDAP search. The SSO Agent
connects to the DC using these service credentials and completes the LDAP search.
The SSO Agent remembers these names and sends the correct domain name to the firewall according to the
administrators configuration of the SSO Agent. By default, it sends the NetBIOS name.

Platform Compatibility
To use Dell SonicWALL Single Sign-On, it is required that the SSO Agent be installed on a server that can
communicate with the Active Directory or eDirectory server and with clients and the Dell SonicWALL security
appliance directly using the IP address or using a path, such as VPN. The following requirements must be met in
order to run the SSO Agent:

Port 2258 must be open; the firewall uses UDP port 2258 by default to communicate with the SSO Agent;
if a custom port is configured instead of 2258, then this requirement applies to the custom port

Windows Server, with latest service pack

.NET Framework 4.0 or above

NetAPI or WMI (unless using DC Windows Security Log as the Client Probing Method)

The SSO Agent must run under Domain Admin privileges

Dell SonicWALL Directory Services Connector and SSO Agent runs as either a 32-bit or 64-bit application. This
improves the performance of 64-bit agent machines, especially in cases where the agent is set to use NetAPI or
WMI as the Client Probing Method.
Topics:

SonicWALL Appliance/Firmware Compatibility on page 13

Virtual Environment Compatibility on page 14

eDirectory Server Compatibility on page 14

Exchange Server Compatibility on page 14

Domain Controller Server Compatibility on page 14

SSO Agent Platform Compatibility on page 15

Client Compatibility on page 15

Citrix or Terminal Services Compatibility on page 16

SonicWALL Appliance/Firmware Compatibility

SonicWALL Directory Services Connector is a supported release for use with the following SonicWALL platforms:

SuperMassive 9200 / 9400 / 9600 running SonicOS 6.1 and above

SuperMassive E10200 / E10400 / E10800 running SonicOS 6.0.x

NSA 2600 / 3600 / 4600 / 5600 / 6600 running SonicOS 6.1 and above

NSA E-Class E5500 / E6500 / E7500 / E8500 / E8510 running SonicOS 5.0 and above

NSA 240 / 2400 / 3500 / 4500 / 5000 running SonicOS 5.0 and above

NSA 220 / 220W / 250M / 250MW running SonicOS 5.8.1 and above

SOHO running SonicOS 5.9.1.3 and above

SOHO W running SonicOS 6.2.4.0 and above

Dell SonicWALL Directory Services Connector 4.0
Administration Guide

13

TZ600 / TZ500 / TZ400 / TZ300 running SonicOS 6.2.3.1 and above

TZ500W / TZ400W / TZ300W running SonicOS 6.2.4.0 and above

TZ 215 / 215W / 205 / 205W / 105 / 105W running SonicOS 5.8.1 and above

TZ 210 / 210W / 200 / 200W / 100 / 100W running SonicOS 5.0 and above

TZ 190 / 190W / 180 / 180W running SonicOS 4.0 and above

PRO 2040 / 3060 / 4060 / 4100 / 5060 running SonicOS 4.0 and above
NOTE: SonicOS 5.5 or newer is required for Novell eDirectory Support.
NOTE: SSO Agent performance is sensitive to the round trip network time during frequent information
exchanges with the network security appliance. The Agent machine should be as close as possible to the
appliance for a recommended round-trip time of less than 1 ms.

Virtual Environment Compatibility

Recommended Virtual Environments for Directory Services Connector include:

VMware ESX 5.5

VMware ESX 5.1

VMware ESX 4.x

Microsoft Hyper-V 2012 R2

Microsoft Hyper-V 2008 R2

Virtual Machine host configuration requirements:

OS - Windows Server 2008/2012 R2 32-bit/64-bit

CPU Intel Xenon (4 processors)

Memory - 4GB

eDirectory Server Compatibility

SonicWALL Directory Services Connector is supported for use with the following eDirectory servers:

Novell eDirectory 8.8.5

Novell eDirectory 8.8.7

Exchange Server Compatibility

SonicWALL Directory Services Connector is supported for use with the following exchange servers:

Exchange server 2010

Exchange server 2013

Domain Controller Server Compatibility

SonicWALL Directory Services Connector is supported for use with Domain Controllers running the following
operating systems:

Windows Server 2012 64-bit

Windows Server 2012 R2 64-bit

Dell SonicWALL Directory Services Connector 4.0
Administration Guide

14

Windows Server 2008 R2 64-bit

Windows Server 2008 32/64-bit

Windows Server 2003 R2 32/64-bit

It is recommended to run the SSO Agent service using a domain administrator account. An account with fewer
permissions, such as a domain user account, does have sufficient privileges for all service components to
interact with the Domain Controller.

SSO Agent Platform Compatibility

NOTE: For best performance, SonicWALL recommends installing the SSO Agent on a dedicated system.
SonicWALL Directory Services Connector and SSO Agent are supported for installation on 32-bit and 64-bit
Windows systems running the following operating systems:

Windows Server 2012 64-bit

Windows Server 2012 R2 64-bit

Windows Server 2008 R2 64-bit

Windows Server 2008 32/64-bit

Windows Server 2003 R2 32/64-bit

Windows 8 32/64-bit

Windows 7 32/64-bit

Windows Vista 32/64-bit

Windows XP 32/64-bit

On all Windows 32-bit and 64-bit servers, a .NET Framework must be installed. The following versions of.NET
Framework are supported:

.NET Framework 4.5

.NET Framework 4.0

The following Microsoft Windows operating systems are not supported as servers:

Windows 2000 All versions

NOTE: Windows Server 2008 and higher or Windows 7 and higher are recommended.

Limitations
The following limitations exist in Windows operating systems prior to Windows Server 2008 or Windows 7:

Certain Windows API elements are not supported, including the Event Subscription API for
communicating with the Domain Controller. This requires Directory Services Connector to use the WMI
event subscription mechanism on older Windows versions, which is much slower than event subscription.

The SMB2 protocol is not supported on older Windows versions.

Single Sign-On related functions may operate at approximately half the performance on older Windows
versions.

Client Compatibility
Directory Services Connector is compatible with the following client operating systems for the purpose of
determining the logged in username and other information necessary for user authentication:

Windows 8 32/64-bit
Dell SonicWALL Directory Services Connector 4.0
Administration Guide

15

Windows 7 32/64-bit

Windows Vista 32/64-bit

Windows XP 32/64-bit

Citrix or Terminal Services Compatibility

The Dell SonicWALL SSO Agent is not supported in a Citrix or Terminal Services Environment.
In these environments, you can use the Dell SonicWALL Terminal Services Agent (TSA) to communicate with the
SonicOS Single Sign-On feature.
The TSA is not included as part of Dell SonicWALL Directory Services Connector. For more information about the
TSA, see the latest Terminal Services Agent Release Notes and the latest SonicOS Administration Guide,
available at: https://support.sonicwall.com/.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

16

Part 2
Installation and Configuration
Installing and Configuring the SSO Agent

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

17

3
Installing and Configuring the SSO Agent
This section provides information about installing and configuring the SSO Agent using the Directory Services
Configuration Tool.
NOTE: For best performance, SonicWALL recommends installing the SSO Agent on a dedicated system.
When using NetAPI or WMI, one SSO Agent can support up to approximately 2500 users, depending on the
performance level of the hardware that it is running on, how it is configured on the firewall and other networkdependent factors. When configured to read from domain controller security logs, one SSO Agent can support a
much larger number of users identified via that mechanism, potentially 50,000+ users depending on similar
factors.

Topics

Installing the SSO Agent with Active Directory on page 18

Configuring Dell SonicWALL Devices on page 24

Configuring SSO Agent Communication Properties on page 25

Configuring Domain Controller Settings on page 32

Configuring Exchange Server Settings on page 37

Configuring Novell eDirectory Settings on page 38

Configuring Remote SSO Agents on page 39

Using the Configuration Tool Menus on page 40.

Installing the SSO Agent with Active

Directory
When using SSO with Windows, install the SonicWALL SSO Agent on a host on your network that has access to the
Active Directory server, the Dell SonicWALL network security appliance, and all client workstations.
IMPORTANT: For best performance, SonicWALL recommends installing the SSO Agent on a dedicated
system.
IMPORTANT: To run the SSO agent, .NET Framework v4.0 must be installed. If it is not installed, an error
message appears.

Topics:

Installing the SSO Agent on page 19

Installed Files on page 24

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

18

Installing the SSO Agent

To install the Dell SonicWALL SSO Agent for use with AD:
1

Download one of the following installers, depending on your computer:

SonicWALL Directory Connector (32-bit) 4.0.24.exe

SonicWALL Directory Connector (64-bit) 4.0.24.exe

You can find these on https://www.mysonicwall.com under Directory Services Connector. The installer is
an MSI file signed by SonicWALL Inc.
2

To begin installation, double-click the installer.

The installer uninstalls the previous SSO Agent automatically if its version is equal to or greater than 4.0.
You can have both SSO Agent 3.x and SSO Agent 4.x installed at the same time, although only one can be
running because they use the common port.

In the Welcome screen, click Next to continue the installation.

The License Agreement screen displays.

Accept the terms of the license agreement, and then click Next.
TIP: To print a copy of this agreement, click Print.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

19

The Destination Folder screen displays.

Select the destination folder:

To use the default folder, C:\Program Files\Dell SonicWALL\SSOAgent\, click Next.

To specify a custom location, click Change, select the folder, and then click Next.

What displays next, depends on whether this is a new installation or an upgrade:

For new installations, the Service User Configuration screen displays. Go to Step 7.

If your system has an older version of DSC SSO, a Service Configuration screen displays asking if
you want to use the existing configuration. The Check this check box if want to use old
configuration checkbox is selected by default.

Do one of these:

To use the old configuration, click Next. The Service User Configuration screen displays. Go to
Step 7.

To reconfigure the SSO product, uncheck Check this check box if want to use old configuration.
and click Next.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

20

Use the Service User Configuration screen to configure a common service account that the SSO Agent
will use to log into a specified Windows domain.

TIP: This section can be configured at a later time. To skip this step and configure it later, click
Skip. Go to Step 8.
a

Enter the domain name of the account in the Domain Name field.

Enter the username of an account with administrative privileges in the Username field.

Enter the password for the account in the Password field.

Click Next.

The Appliance Configuration screen displays.

8

Use the Appliance Configuration screen to configure the IP address and port used for communication
with the firewall.

Enter the IP address of your Dell SonicWALL security appliance in the Dell SonicWALL Appliance
IP field.

Type the port number for the same appliance into the Dell SonicWALL Appliance Port field. The
default port number is 2258.

Enter the hexadecimal representation (an even number of digits using only hexadecimal numbers)
of the shared key in the Shared Key field.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

21

Click Next. The Install screen displays.

Click Install to begin the installation. A Installing progress screen displays.

10 Wait for the installation to complete. A warning screen requesting permission to install files may display;
click OK.
The status bar displays while the SonicWALL SSO Agent installs.

Program and service files are installed, including the SSOAgentService. If the SSO Agent 3.x service is
running, the installer stops that service and then starts the newly installed service.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

22

A Completed screen displays.

IMPORTANT: To run the SSO agent, .NET Framework v4.0 must be installed. If it is not installed, an
error message appears:

11 When the installation is complete, optionally select the Launch Dell SonicWALL Directory Connector
checkbox to launch the Dell SonicWALL Directory Connector Configuration Tool. This option is not
selected by default.
12 Click Finish.
If you selected the Launch Dell SonicWALL Directory Connector checkbox, the Directory Connector
Configuration Tool displays.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

23

Installed Files
Topics:

Program Files on page 24

Log Files on page 24

Program Files
The installer places all the program files into C:\Program Files\Dell SonicWALL\SSOAgent by default:

SSOAgentUI.exe is the configuration UI program.

SSOAgentService.exe is the service program.

Plugins\SSOAgent.dll is a part of the service program.

Config.xml is the main configuration file.

The following additional files may also exist in that directory:

static.csv is used for automation load testing.

Users.xml is the user list that is saved during service restart.

The installer also creates short cuts in the Start menu and on the desktop.

Log Files
Log files and crash dump files are placed in C:\ProgramData\Dell SonicWALL\SSOAgent.

Configuring Dell SonicWALL Devices

To display all the configured Dell SonicWALL network security appliances, click on Dell SonicWALL Appliances in
the left panel of the DSC Configuration Tool.

The Friendly Name, Port, IP address, and Status of each appliance is displayed.

To add a Dell SonicWALL appliance to the SSO Agent:

1

Launch the Directory Services Connector Configuration Tool either from the Start menu or by doubleclicking the desktop shortcut.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

24

Right-click Dell SonicWALL Appliances, and then select Add.

In the Appliance IP field, type in the IP address of the firewall.

In the Appliance Port field, accept the default port of 2258 or type in a custom port. The appliance
sends the SSO protocol packets to the Agent on this port.

In the Friendly Name field, type in a descriptive name for this appliance.

In the Shared Key field, do one of the following:

Type in a hexadecimal number of up to 16 characters (use an even number of characters) to use

as the key for encrypting messages between the Dell SonicWALL appliance and the SSO Agent. You
must also enter the same key when configuring the SSO Agent to communicate with the
appliance.

Click the Generate Key button to let the computer generate a random shared key.

Select the Check to show Shared key as clear Text checkbox to view the key in clear text. This option is
not selected by default.

Click OK to save the configuration.

NOTE: To modify the settings of an existing appliance, click on the appliance IP address in the left
pane.

Configuring SSO Agent Communication

Properties
The Dell SonicWALL SSO Agent communicates with workstations using NetAPI or WMI, which both provide
information about users logged into a workstation, including domain users, local users, and Windows services.
Be sure that WMI or NetAPI is installed prior to configuring the SonicWALL SSO Agent.
NOTE: When using Single Sign-on, SSO Agent tries to identify the logged in user by querying the
workstations using the NetAPI or WMI protocols. NetAPI and WMI require File & print sharing enabled on
the client workstations.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

25

To configure the communication properties of the Dell SonicWALL SSO Agent:

1

Launch the Directory Services Connector Configuration Tool either from the Start menu or by doubleclicking the desktop shortcut.
NOTE: The Configuration Tool communicates with the Windows service through JSON RPC. The RPC
port is 127.0.0.1:12348. If the service is stopped, the Configuration Tool tries to start the
service first.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

26

In the left panel, right click SonicWALL SSO Agent, and then select Properties. Configuration settings
display in the right panel.

For Host IP, select an IP address from the drop-down menu. The default IP address is 0.0.0.0.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

27

The SSO Agent binds the UDP socket at this IP address and the port number specified in the Port field.
The Agent receives the SSO protocol packets from the firewall on this socket.
NOTE: If the Host IP address is 0.0.0.0, the SSO Agent accepts packets from any interface.

In the Port field, accept the default port or type in a custom port. By default, the SSO Agent uses UDP
port 2258 to receive the SSO protocol packets.

In the Sync Port field, accept the default port or type in a custom port. By default, the SSO Agent uses
TCP port 2260 to receive the agent synchronize datagrams.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

28

From the Logging Level the drop-down menu, select the level of events to be logged in the log file in the
program data directory. The log file is useful for diagnostics and debugging. The default logging level is 2
- Warning.

In the Max Thread Count field, accept the default of 100 or type in a custom value within the indicated
range.
The SSO Agent starts the configured number of threads at run time. Most of the threads are used for
client probing. These threads periodically query the IP addresses that are present in the Scanner queue.
After completing each query, the agent adds or updates the user or error information in its cache. The
thread count adjusts the trade off between simultaneity and overall performance.

In the Cache Duration field, accept the default of 7200 seconds (2 hours) or type in a custom value
within the indicated range.
If a user does not log off the computer properly, for example by pulling the power plug, the SSO Agent
does not receive a log-off message for the user. In this case, the SSO Agent keeps the user information in
its cache. After the cache duration time expires, the SSO Agent removes the user from the cache and
sends a log-out notification to the firewall. The default time of 2 hours is based on the typical duration
after which the log-in status is refreshed on the Domain Controller. Cache duration functions only apply
to users whose session ID is not equal to zero.
Upon a user information request for any IP address from the appliance, the SSO Agent checks for the IP
address in its cache. If the IP address is not present in the cache, the SSO Agent treats the request as the
first request for that IP Address and adds the IP Address to its Scanner queue for further processing.

To save information about previously identified users when the SSO Agent service is restarted, select the
Preserve Users During Restart checkbox. This option is not selected by default.
Because the SSO Agent must be restarted for Properties changes to take effect, this option allows the
Agent to maintain current user information across these restarts. The SSO Agent saves the user
information in an XML file that contains a timestamp. If the file is less than 15 minutes old when the SSO
Agent restarts, it uses this file to fill its cache; otherwise, the SSO Agent ignores the file to avoid
restoring outdated information.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

29

10 The Scan Users checkbox is selected by default.

If Scan Users is enabled and a user is identified with a Client Probing method, the SSO Agent probes this
user repeatedly until the user logs off the computer or the SSO Agent can identify this user using another
method, such as DC Security Log or Server Session. When the SSO Agent detects that the user has logged
off the computer, it sends a log-off notification to the firewall.
If the query returns an error for any IP address and the SSO Agent is not able to identify the user
information, the agent treats the IP address as a Bad IP. This can occur for network devices such as
printers, non-Windows computers, or other workstations that do not understand the query options. While
processing requests in the Scanner queue, the agent skips any Bad IP addresses and adds the IP address
to the back of the queue for the next fetch.
To ensure that the agent does not process any IP address that has not been polled from the appliance for
a considerable amount of time, the agent maintains the session time and the time of the last request
from the appliance for each IP address. This allows the agent to minimize the queue size, ensures that
threads are not wasted, and prevents unnecessary traffic from the agent for IP addresses that are not
polled from the appliance. The session time can be modified from Windows registry settings using the
registry value, SESIONTIME.
11 In the Scan Interval field, accept the default of 60 seconds or type in a custom value within the
indicated range.
12 For Client Probing Method, select one of the following options from the drop-down menu:

Disabled

Probe user using NetAPI

Probe user using WMI

Probe user using NetAPI first, then WMI (this is the default option)

Probe user using WMI first, then NetAPI

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

30

When the SSO Agent receives an IP Address request from the firewall and the user is not found in its
cache, it uses the selected Client Probing Method to identify the username.
NOTE: NetAPI provides faster, though possibly slightly less accurate, performance. With NetAPI,
Windows reports the last login to the workstation whether or not the user is still logged in. This
means that after a user logs out from his computer, the appliance still shows the user as logged in
when NetAPI is used. If another user logs onto the same computer, then at that point the previous
user is logged out from the Dell SonicWALL appliance.
The handling of non-responsive workstations to queries from WMI and NetAPI is optimized in Dell
SonicWALL Directory Services Connector. The appliance repeatedly polls the SSO Agent with multi-user
requests, and often sends more than one such request at a time. The number of concurrent requests
increases when workstations do not respond to the requests, potentially overloading the Agent. To avoid
this, a time-out mechanism is included in multi-user requests from the appliance. If the request does not
complete within this time, the agent silently aborts it.
13 For Domain name type, select one of the following options from the drop-down menu:

NetBIOS Domain Name

FQDN Domain Name

SonicOS can handle both domain name types. The default option is NetBIOS Domain Name.

14 Click Apply.
15 Click OK.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

31

Configuring Domain Controller Settings

The Domain Controller (DC) is a server that responds to security authentication requests (logging in, checking
permissions, and so on) within the Windows domain. The SSO Agent supports two methods to identify users who
logon to a Windows domain:

DC Security Log

Server Session

Using Microsoft Windows, the DC Security Log contains login and logout activity records or other securityrelated events specified by the Domain Controllers audit policy.
By default, all of the DC Security Log options require a Domain Administrator account or a Local Administrator
account on the Domain Controller to read the DC Security Log.
If an account with administrator privileges is not available, user identification through the DC Security Log can
be configured for WMI with a non-administrator domain account. This account must have read access to the
security log. For more information, refer to the Configuring a Non-Admin Domain Account for SSO Agent to
Read Domain Security Logs configuration guide.

Topics:

Configuring DC Settings in DSC on page 32

Setting Group Policy to Enable Audit Logon on Windows Server 2008 on page 34

Setting Group Policy to Enable Audit Logon on Windows Server 2003 on page 35

Configuring DC Settings in DSC

To configure the Domain Controller settings in Directory Services Connector:
1

In the Directory Connector Configuration Tool, expand SonicWALL SSO Agent in the left pane.

Right-click Domain Controllers, and then select one of the following:

Refresh
This option refreshes the known Domain Controller information, and the right panel displays the
Host Address, Friendly Name, Domain Name, NETBIOS Name, and Status of known DCs.

Add
Select this option to manually add a Domain Controller to the SSO Agent configuration. Go to Step
3.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

32

Auto Discovery
Select this option to have the SSO Agent use DNS queries to find DCs to which the Agent host
machine belongs. The right panel displays the Host Address, Friendly Name, Domain Name,
NETBIOS Name, and Status of the discovered DCs

Config All
Select this option to configure the settings for all known DCs in a pop-up window.

If you selected any option except Add, go to Step 7.

3

If you selected the Add option, the right panel displays the available settings. In the IP Address field,
type the Domain Controller IP address.

In the Friendly Name field, enter a descriptive name for the Domain Controller.

For Server Monitoring Method, select one of the following:

DC Security Log Subscription

You can select this method for getting DC event log updates if the Domain Controller and SSO
Agent are installed on Windows machines that support the event subscription API. It is supported
on Windows 7 and higher, and on Windows Server 2008 and higher.

DC Security Log Polling

This option causes the SSO Agent to request the event log information from the DC at the time
interval indicated in the Pull every field. Accept the default of 5 seconds or type in the desired
interval. The minimum is 5 seconds and the maximum is 300 seconds.

Server Session
This option causes the SSO Agent to request the server session information from the DC at the
time interval indicated in the Pull every field. Accept the default of 10 seconds or type in the
desired interval. The minimum is 5 seconds and the maximum is 300 seconds.

To test the connection to the Domain Controller using the configured IP address, click Test Connection.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

33

If the IP address does not belong to a machine with a role of Domain Controller, the Configuration Tool
displays an error message.
7

If no errors are displayed, click OK.

Setting Group Policy to Enable Audit Logon on Windows

Server 2008
Audit Logon may need to be enabled on the Windows Server machine.

To enable Audit Logon on Windows Server 2008:

1

Start the Group Policy Management Console.

Browse to the following location: Domain Name > Domains > Domain Name > Group Policy
Objects, where Domain Name is replaced with your domain.

Under Group Policy Objects, right-click on Default Domain Policy, and then select Edit.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

34

The Group Policy Management Editor window displays.

Double-click on Audit account logon events, select Success, and then click OK.

Double-click on Audit logon events, select Success, and then click OK.

Double-click on Audit Directory Service Access, select Success, and then click OK.

Double-click on Audit Object Access, select Success, and then click OK.

Close the Group Policy window.

Setting Group Policy to Enable Audit Logon on Windows

Server 2003
By default, Audit Logon is disabled on Windows Server 2003.

To enable Audit Logon on Windows Server 2003:

1

Start the Group Policy Management Console.

Browse to the following location: Domain Name > Domains > Domain Name > Group Policy
Objects, where Domain Name is replaced with your domain.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

35

Right-click on Group Policy Objects, and then select New.

Enter a policy name, and then click OK.

Expand the Group Policy Objects folder and find your new policy.

Right-click on the policy, and then select Edit...

Browse to the following location: Policy Name > Computer Configuration > Windows
Settings > Security Settings > Local Policies > Audit Policy.

Left-click on Audit Policy. The policy settings are displayed in the right pane.

Double-click on Audit account logon events, select Success, and then click OK.
Dell SonicWALL Directory Services Connector 4.0
Administration Guide

36

10 Double-click on Audit logon events, select Success, and then click OK.
11 Double-click on Audit Directory Service Access, select Success, and then click OK.
12 Close the Group Policy window.

Configuring Exchange Server Settings

For information about using an Exchange server to identify users, see About Exchange Servers on page 11.

To add an Exchange server for use by the SSO Agent:

1

Launch the Dell SonicWALL Directory Services Connector Configuration Tool.

Expand the SonicWALL Directory Connector and SonicWALL SSO Agent trees in the left column by clicking
the + button.

Right-click Exchange Servers, and hen select Add.

NOTE: You can configure settings for all known Exchange servers at the same time by selecting
Config All.

In the Exchange Server IP field, type in the Exchange server IP address.

In the Friendly Name field, type in a descriptive name for the Exchange server.

For Server Monitoring Method, select one of the following methods for the SSO Agent to get the event
logs from the server:

Use Event Subscription

This method causes the SSO Agent to request that the Exchange server automatically send any
relevant events to the Agent as they occur.

Pull every <> seconds

This is the polling method. The SSO Agent requests information from the Exchange server at the
configured interval.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

37

If Pull every <> seconds is selected, accept the default polling interval of 10 seconds or type in
the desired interval in the provided field. The minimum is 1 second and the maximum is 60
seconds.
7

Click OK.

Click OK in the popup window indicating that the configuration is saved.

Configuring Novell eDirectory Settings

For information about using Novell eDirectory to identify users, see About Novell eDirectory on page 11.

To configure Novell eDirectory settings:

1

Launch the Dell SonicWALL Directory Services Connector Configuration Tool.

Expand the SonicWALL Directory Connector and SonicWALL SSO Agent trees in the left column by clicking
the + button.

Right click Novell eDirectory Servers and select Add.

In the IP Address field, type in the IP address of the Novell eDirectory server.
In the Port(1-65535) field, type in the port for the service. The default port is:

636 if the Security Connection checkbox is selected.

389 if the Security Connection checkbox is not selected.

In the User DN field, type in the service users domain name.

In the Password field, type in the password for the service user.

In the Base DN field, type in the base domain name.

The User DN and Base DN are case sensitive and should be entered in the following format:

User DN:

cn=xxx,o=xxx

For example: cn=admin, o=test

Dell SonicWALL Directory Services Connector 4.0
Administration Guide

38

Base DN:

o=xxx

For example: o=test

8

In the Polling Interval(1-60 Sec) field, type in the number of seconds for the polling interval. The
default value is 10 seconds, the minimum is 1 second, and the maximum is 60 seconds.

Click the Test Connection button to verify that the SSO Agent can connect with the eDirectory server.

10 Click OK.
11 Click OK in the popup dialog indicating that the configuration is saved.

Configuring Remote SSO Agents

A Single Sign-On deployment can contain up to eight SSO Agents on different servers. Each instance of the SSO
Agent can exchange information with the other, remote Agents.

To configure remote SSO Agents in Directory Services Connecter:

1

Launch the Dell SonicWALL Directory Services Connector Configuration Tool.

Expand the SonicWALL Directory Connector and SonicWALL SSO Agent trees in the left column by clicking
the + button.

Right click Remote SSO Agents and select Add.

In the Agent IP field, type in the IP address of the remote SSO Agent.

In the Sync Port field, accept the default of 2260 or type in the custom sync port.
By default, the SSO Agent uses TCP port 2260 to receive the Agent synchronize data. When an SSO Agent
starts up, it sends a TCP Reset notification to all the configured remote Agents. When a remote Agent
receives this reset notification, it sends its user cache to the requesting Agent. Thereafter, the remote
Agent sends any incremental changes.

In the Friendly Name field, type in a descriptive name for the remote SSO Agent.

Click OK.

Click OK in the popup window indicating that the configuration is saved.

Dell SonicWALL Directory Services Connector 4.0
Administration Guide

39

Click on Remote SSO Agents to display all the configured remote SSO Agents in the right panel. You can
see the friendly name, IP address, port, and status of each remote Agent.

10 To modify the configuration of an existing remote SSO Agent, click on its IP address in the left panel,
enter the desired values as in Step 4 through Step 8, and then click OK.

Using the Configuration Tool Menus

The Directory Services Connector Configuration Tool provides several menus at the top of the screen for
configuring settings and viewing information.

Topics:

Using the File Menu on page 40

Using the View Menu on page 40

Using the Action Menu on page 41

Using the Help Menu on page 47

Using the File Menu

This File menu in the Directory Connector Configuration Tool provides the Exit option.
Click File > Exit to close the Directory Connector Configuration Tool.

Using the View Menu

The View menu in the Directory Connector Configuration Tool provides options for displaying or hiding the
toolbar and status bar.
Click View > ToolBar to toggle the toolbar display. If it is currently hidden, it will be displayed. If currently
displayed, it will be hidden.
Click View > StatusBar to toggle the status bar display. If it is currently hidden, it will be displayed. If currently
displayed, it will be hidden.
The toolbar provides icon buttons near the top of the screen for the following:

Adding servers to the SSO Agent configuration

Removing servers from the SSO Agent configuration

Starting the Windows service

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

40

Stopping the Windows service

Refreshing the items displayed in the Configuration Tool

Viewing the SSO Agent properties

Accessing the diagnostics tool

Each button is only active when a relevant item is selected in the left panel. Not all buttons are active at the
same time.
The status bar displays the current SSO Agent status along the bottom of the screen. The installed version of the
SSO Agent is also displayed there.

Using the Action Menu

The Action menu in the Directory Connector Configuration Tool provides options for viewing the properties, log
entries, viewing users and hosts, using the diagnostic tool, and managing services and users. The option to set
the Service Logon User is available in the Action drop-down menu. It also provides options for starting and
stopping the SSO Agent Windows service.

All of the Action menu options are also available on the right-click menu for the SonicWALL SSO Agent from
within the Configuration Tool.

Topics:

Viewing the Logs on page 42

Displaying Users and Hosts Statistics on page 42

Using the Diagnostic Tool on page 44

Viewing Windows Service Users on page 45

Viewing and Configuring Service Logon User on page 47

Starting and Stopping the Windows Service on page 47

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

41

Viewing the Logs

The Action > View Logs page of the DSC Configuration Tool causes Windows Explorer to open the program data
folder that contains the SSO Agent log files.

The Agent keeps up to five logs at a time and stores them in C:\ProgramData\Dell SonicWALL\SSOAgent:

SSOAgent.log - This is the main log file.

SSOPacket.log - This is the packets log between the firewall and Agent.

Rpc.log - This is the RPC log between the Config Tool and Agent service.

SecurityEvent.log - This is the DC/Exchange security event log.

SessionTable.log - This shows the results returned by the NetSessionEnum API.

More logs are created with higher logging levels. Debug is the highest level.
In the case of troubleshooting, all files in this folder should be sent for investigation by the Support team.
NOTE: When the SSO Agent service crashes, the crash dumps are located at C:\ProgramData\Dell
SonicWALL.

Displaying Users and Hosts Statistics

The Action > Users and Hosts page of the DSC Configuration Tool displays the number of event log messages
parsed and the replies sent to the appliance. It also displays the number of users in the SSO Agent cache, and
the total number of users who logged on and logged off. The User Information table displays the IP address,
user name, user login time, time of last refresh, and the method used to identify the user.
You can search and sort the users as well as manually removing a user from the cache.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

42

To display the Users and Hosts page, click Action and select Users and Hosts.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

43

Using the Diagnostic Tool

The Action > Diagnostics Tool page of the DSC Configuration Tool provides a way to find logged in user
information for remote workstations. You can manually identify IP addresses using the WMI or NetAPI method by
entering multiple IP addresses separated by commas or an IP address range. The results can be exported to a
CSV file.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

44

Viewing Windows Service Users

The Action > Windows Service Users page displays all the service users you configure. The users might be used
by services on the end-users computer. The SSO Agent ignores all events whose usernames are in this list.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

45

Adding a User
You can add a user to the service users list by clicking Add in the Add Local User section and adding the name
in the Excluded user name pattern field. Local users can include a domain name.

TIP: You can also add Windows service users from SonicOS (see the SonicOS Administration Guide for
details).

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

46

Viewing and Configuring Service Logon User

The Action > Service Logon User page displays the current service logon user and allows you to configure it.
The WMI, NetAPI, and DC Security Log methods require domain administrator privileges. The service should be
run with a domain administrator account. You can set up an account name and password on this page.

Starting and Stopping the Windows Service

The Action > Start Service and Action > Stop Service pages provide a way to start and stop the Windows
service for the SSO Agent.

Using the Load Test file

The Load Test feature allows you to preload a static set of IP-to-username mappings and static user
configuration in a user-defined test file.
The tester can create a file named static.csv in the program installation directory, which by default is
C:\Program Files\Dell SonicWALL\SSOAgent. An example static.csv is shown below:

10.0.0.0,user0
10.0.0.1,user1
10.0.0.2,domain\user2

If this file exists, the SSO Agent loads it at service start time and checks and reloads this file every 5 seconds.
You can view the test users and IP addresses in the Action > Users and Hosts screen of the DSC Configuration
Tool, in the User Information list.

Using the Help Menu

The Help menu in the Directory Connector Configuration Tool has two options:

Send Feedback
Select Send Feedback to display a popup window in which you can enter feedback about Directory
Services Connector and the SSO Agent and send it to the Support team. Fill in the Subject, Email ID
(your email address), Name (your name), and Comment fields, and then click Submit.

About
Select About to display a popup dialog with the installed version number of Directory Services Connector
and the SSO Agent.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

47

Part 3
Appendices
Warranty and Licensing
About Dell

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

48

A
Warranty and Licensing
Topics:

GNU General Public License (GPL) Source Code on page 49

Limited Hardware Warranty on page 49

End User Licensing Agreement on page 50

GNU General Public License (GPL) Source

Code
Dell SonicWALL provides a machine-readable copy of the GPL open source on a CD. To obtain a complete
machine-readable copy, send your written request, along with a certified check or money order in the amount
of US $25.00 payable to Dell SonicWALL, Inc. to:
General Public License Source Code Request
Dell SonicWALL, Inc. Attn: Jennifer Anderson
2001 Logic Drive
San Jose, CA 95124-3452

Limited Hardware Warranty

All Dell SonicWALL appliances come with a 1-year Limited Hardware Warranty that provides delivery of critical
replacement parts for defective parts under warranty. In addition, for 90 days from the warranty start date,
Dell SonicWALL SRA 4600/1600 appliances are entitled to a Limited Software Warranty that provides bug fixes,
updates and any maintenance releases that occur during the coverage term. Visit the Warranty Information
page for details on your products warranty:
https://support.software.dell.com/essentials/SonicWALL-Support-Offerings#tab=warranty
Dell SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case
commencing not more than ninety (90) days after the original shipment by Dell SonicWALL), and continuing for
a period of twelve (12) months, that the product will be free from defects in materials and workmanship under
normal use. This Limited Warranty is not transferable and applies only to the original end user of the product.
Dell SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under this limited
warranty will be shipment of a replacement product. At Dell SonicWALL's discretion the replacement product
may be of equal or greater functionality and may be of either new or like-new quality. Dell SonicWALL's
obligations under this warranty are contingent upon the return of the defective product according to the terms
of Dell SonicWALL's then-current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by
accident, abuse, misuse or misapplication, or has been modified without the written permission of Dell
SonicWALL.
DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR
ARISING FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE
Dell SonicWALL Directory Services Connector 4.0
Administration Guide

49

MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED,
SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS
DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT
APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS
WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply even if the express
warranty set forth above fails of its essential purpose.
DISCLAIMER OF LIABILITY. DELL SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS
DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT SHALL DELL SONICWALL OR ITS SUPPLIERS BE LIABLE
FOR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS
INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO
USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER
CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE
HARDWARE OR SOFTWARE EVEN IF DELL SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. In no event shall Dell SonicWALL or its suppliers' liability to Customer, whether in contract,
tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall
apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR JURISDICTIONS
DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION
MAY NOT APPLY TO YOU.

End User Licensing Agreement

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SONICWALL PRODUCT. BY INSTALLING OR USING
THE SONICWALL PRODUCT, YOU (AS THE CUSTOMER, OR IF NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT
AUTHORIZED TO BIND THE CUSTOMER) INDICATE ACCEPTANCE OF AND AGREE TO THE TERMS AND CONDITIONS OF
THIS AGREEMENT FOR AND ON BEHALF OF THE CUSTOMER. IF YOU DO NOT AGREE TO THE TERMS AND
CONDITIONS OF THIS AGREEMENT, THEN DO NOT USE THE PRODUCT AND RETURN IT TO THE PLACE OF PURCHASE
WITH PROOF OF PURCHASE WITHIN THIRTY (30) DAYS OF PURCHASE FOR A REFUND. IF YOU DO PROCEED TO
INSTALL OR USE THE SONICWALL PRODUCT, YOU WILL HAVE INDICATED ACCEPTANCE AND AGREEMENT WITH THE
TERMS AND CONDITIONS HEREIN. NOTWITHSTANDING THE FOREGOING, THIS AGREEMENT SHALL NOT SUPERSEDE
ANY OTHER SIGNED AGREEMENT BETWEEN YOU AND SONICWALL THAT EXPRESSLY GOVERNS THE SONICWALL
PRODUCT.
Product means the SonicWALL labeled hardware and related documentation (Hardware) and/or proprietary
SonicWALL labeled software, firmware and related documentation (Software) purchased by the end user of
the product either directly from SonicWALL or a Reseller (Customer). Services means the Support Services
described below and any other services provided with or for the Products directly by SonicWALL or its agents.
Reseller shall mean those entities to which SonicWALL or SonicWALLs authorized distributors distribute the
Products for resale to end users. Except as otherwise agreed upon by the parties, this Agreement will also cover
any updates and upgrades to the Products provided to Customer by SonicWALL directly or through a Reseller
(except as may be otherwise indicated, such updates and upgrades shall be deemed Products).

1. LICENSE(S) AND RESTRICTIONS

(a) Licenses. Subject to the terms and conditions of this Agreement, SonicWALL grants to Customer, and
Customer accepts from SonicWALL, a nonexclusive, nontransferable (except as otherwise set forth herein) and
nonsublicensable license (License) to:
1

(i) execute and use the Software on the Hardware with which the Software is provided (pre-installed) in
accordance with the applicable Documentation; and,

(ii) for Software provided in standalone form (without Hardware), install, execute and use the Software
on the Hardware or hardware device(s) on which it is intended to be used in accordance with the
applicable Documentation and the License purchased. If Customer purchased multiple copies of
standalone Software, Customers License to such standalone Software includes the right to install, use
and execute up to the number of copies of Software Licenses purchased.

In addition, the License includes the right to (x) make a reasonable number of additional copies of the Software
to be used solely for non-productive archival purposes, and (y) make and use copies of the end user

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

50

documentation for Hardware and/or Software provided with the Products (Documentation) as reasonably
necessary to support Customers authorized users in their use of the Products.
(b) License Limitations. Order acknowledgments, Documentation and/or the particular type of the Products/
Licenses purchased by Customer may specify limits on Customers use of the Software, and which limits apply to
the License(s) granted hereunder for such Software. Such limits may consist of limiting the term of the License,
or the number or amount of nodes, storage space, sessions, calls, users, subscribers, clusters, devices, ports,
bandwidth, throughput or other elements, and/or require the purchase of separate Licenses to use or obtain
particular features, functionalities, services, applications or other items. Use of the Software shall be subject
to all such limitations.
(c) For Customers Internal Business. Each License shall be used by Customer solely to manage its own internal
business operations as well as the business operations of its Affiliates. Notwithstanding the foregoing, if
Customer is in the regular business of providing firewall, VPN or Security management for a fee to entities that
are not its Affiliates (MSP Customers), Customer may use the Products for its MSP Customers provided that
either (i) Customer, and not MSP Customers, maintain control and possession of the Products, or (ii) if MSP
Customers have possession and/or control of Products in whole or in part, this Agreement must be provided to
MSP Customers and they must agree that their use of the Products is subject to the terms and conditions of this
Agreement. Customer agrees to indemnify and hold SonicWALL harmless from and against any claims by MSP
Customers against SonicWALL relating to the Products and/or Customers services for MSP Customers. Affiliate
means any legal entity controlling, controlled by, or under common control with a party to this Agreement, but
only for so long as such control relationship exists.
(d) Evaluation License. If the Software is provided by SonicWALL or a Reseller at no charge for evaluation
purposes, then Section 1(a) above shall not apply to such Software and instead Customer is granted a
nonproduction License to use such Software and the associated documentation solely for Customers own
internal evaluation purposes for an evaluation period of up to thirty (30) days from the date of delivery of the
Software, plus any extensions granted by SonicWALL in writing (the Evaluation Period). There is no fee for
Customers use of the Software for nonproduction evaluation purposes during the Evaluation Period, however,
Customer is responsible for any applicable shipping charges or taxes which may be incurred, and any fees which
may be associated with usage beyond the scope permitted herein. Notwithstanding anything otherwise set forth
in this Agreement, Customer understands and agrees that evaluation Software is provided AS IS and that
SonicWALL does not provide a warranty or maintenance services for evaluation Licenses.
(e) Restrictions. Customer may not (i) modify, translate, localize, adapt, rent, lease, loan, create or prepare
derivative works of, or create a patent based on the Software or any part thereof, (ii) make copies except as
expressly authorized under this Agreement, (iii) copy the Software onto any public or distributed network, (iv)
modify or resell the Software, use the Software in connection with the operation of any nuclear facilities, or use
for purposes which are competitive to SonicWALL, or (v) except as expressly authorized in Section 2(c) above,
operate the Software for use in any time-sharing, outsourcing, service bureau or application service provider
type environment. Unless and except to the extent authorized in the applicable Documentation, Software
provided with and/or as the Product, in part or whole, is licensed for use only in accordance with the
Documentation as part of the Product: Software components making up a Product may not be separated from,
nor used on a separate or standalone basis from the Product. Each permitted copy of the Software and
Documentation made by Customer hereunder must contain all titles, trademarks, copyrights and restricted
rights notices as in the original. Customer understands and agrees that the Products may work in conjunction
with third party products and Customer agrees to be responsible for ensuring that it is properly licensed to use
such third party products. Any Software provided in object code form is licensed hereunder only in object code
form. Except to the extent allowed by applicable law if located in the European Union, and then only with prior
written notice to SonicWALL, Customer shall not disassemble or reverse engineer the Software in whole or in
part or authorize others to do so. Customer agrees not to use the Software to perform comparisons or other
benchmarking activities, either alone or in connection with any other software or service, without
SonicWALLs written permission; or publish any such performance information or comparisons.
(f) Third Party Software. There may be certain third party owned software provided along with, or incorporated
within, the Products (Third Party Software). Except as set forth below, such Third Party Software shall be
considered Software governed by the terms and conditions of this Agreement. However, some Products may
contain other Third Party Software that is provided with a separate license agreement, in which case such Third
Party Software will be governed exclusively by such separate license agreement (Third Party License) and not
this Agreement. Any such Third Party Software that is governed by a Third Party License, and not this
Agreement, will be identified on the applicable Product page on SonicWALLs website and/or in a file provided
with the Product. Except as SonicWALL may otherwise inform Customer in writing, the Third Party License gives
Customer at least the license rights granted above, and may provide additional license rights as to the Third
Dell SonicWALL Directory Services Connector 4.0
Administration Guide

51

Party Software, but only with respect to the particular Third Party Software to which the Third Party License
applies. SUCH THIRD PARTY SOFTWARE UNDER A THIRD PARTY LICENSE IS PROVIDED WITHOUT ANY WARRANTY
FROM SONICWALL AND ITS SUPPLIERS, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. Notwithstanding the foregoing, SonicWALL shall
honor its warranty, maintenance and support obligations in respect to the SonicWALL Products regardless of
whether the warranty, maintenance or support issue is caused in whole or in part by the Third Party Software
provided by SonicWALL with the Product.
(g) Updates/Upgrades. If Customer purchases or otherwise is eligible to receive a SOFTWARE update or upgrade,
you must be properly licensed to use the Product identified by SonicWALL as being eligible for the update/
upgrade in order to install and use the SOFTWARE update/ upgrade. A SOFTWARE update/ upgrade replaces
and/or supplements the Software Product that formed the basis for your eligibility for the update/upgrade, and
does not provide you an additional License (copy) of the Software to use separately from the Software Product
to be updated/ upgraded. You may use the resulting updated/upgraded Product only in accordance with the
terms of this Agreement.
(h) Activation Keys May Expire. Certain Products, including Security Services that provide regular ongoing
updates for Software (e.g., Security Service consisting of anti-virus signature updates), may come with an
activation key or license key (a key that must be entered to activate the Product, Activation Key). If the
Activation Key for a Product is not activated within five (5) years from the date of issuance by SonicWALL, such
Activation Key(s) may expire and no longer activate the Product. Products that come with an expiring Activation
Key will operate for the contracted term of the License (or purchased Security Service), so long as the
Activation Key is activated within five (5) years from SonicWALLs date of issuance.

2. OWNERSHIP
SonicWALL and its licensors are the sole and exclusive owners of the Software, and all underlying intellectual
property rights in the Hardware. All rights not expressly granted to Customer are reserved by SonicWALL and its
licensors.

3. TERMINATION OF LICENSE(S)
All licenses to the Software hereunder shall terminate if Customer fails to comply with any of the provisions of
this Agreement and does not remedy such breach within thirty (30) days after receiving written notice from
SonicWALL. Customer agrees upon termination to immediately cease using the Software and to destroy all
copies of the Software which may have been provided or created hereunder.

4. SUPPORT SERVICES
SonicWALLs current Support Service offerings (Support Services) and the terms and conditions applicable to
such Support Services are set forth in SonicWALLs Support Services Terms located
https://support.software.dell.com/essentials/SonicWALL-Support-Offerings and are incorporated herein by
reference. Support Services may require an additional fee. Unless otherwise agreed to in writing, SonicWALLs
Support Services are subject to SonicWALLs Support Services Terms which are in effect at the time the Support
Services are purchased by Customer, and these terms and conditions will be incorporated herein by reference at
that time. SonicWALL reserves the right to change the Support Services Terms from time to time by posting such
changes on its website, which shall apply to any Support Services purchased on or after the date of such
posting.

5. SONICWALL WARRANTY
(a) Warranty. SonicWALL warrants to Customer (original purchaser Customer only) that for the applicable
warranty period (Warranty Period) the Hardware will be free from any material defects in materials or
workmanship and the Software, if any, will substantially conform to the Documentation applicable to the
Software and the License purchased (Limited Warranty). Except as may indicated otherwise in writing by
SonicWALL, the Warranty Period for Hardware is one year from the date of registration of the Hardware Product
(or if sooner, seven days after initial delivery of the Hardware Product to Customer), and the applicable
warranty period for Software is ninety days from the date of registration of the Software Product (or if sooner,
Dell SonicWALL Directory Services Connector 4.0
Administration Guide

52

seven days after initial delivery/download) of the Software Product to/by Customer. SonicWALL does not
warrant that use of the Product(s) will be uninterrupted or error free nor that SonicWALL will correct all errors.
The Limited Warranty shall not apply to any non-conformance (i) that SonicWALL cannot recreate after
exercising commercially reasonable efforts to attempt to do so; (ii) caused by misuse of the Product or by using
the Product in a manner that is inconsistent with this Agreement or the Documentation; (iii) arising from the
modification of the Products by anyone other than SonicWALL; or (iv) caused by any problem or error in third
party software or hardware not provided by SonicWALL with the Product regardless of whether or not the
SonicWALL Product is designed to operate with such third party software or hardware. SonicWALL's sole
obligation and Customer's sole and exclusive remedy under any express or implied warranties hereunder shall be
for SonicWALL to use commercially reasonable efforts to provide error corrections and/or, if applicable, repair
or replace parts in accordance with SonicWALLs Support Services Terms. Customer shall have no rights or
remedies under this Limited Warranty unless SonicWALL receives Customers detailed written warranty claim
within the applicable warranty period.
(b) Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH ABOVE, TO MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW SONICWALL HEREBY DISCLAIMS ON BEHALF OF ITSELF, ITS SUPPLIERS, DISTRIBUTORS AND
RESELLERS ALL WARRANTIES, EXPRESS, STATUTORY AND IMPLIED, APPLICABLE TO THE PRODUCTS, SERVICES
AND/OR THE SUBJECT MATTER OF THIS AGREEMENT, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF
MERCHANTABILITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE.

6. LIMITATION OF LIABILITY
The Products are not designed, manufactured, authorized or warranted to be suitable for use in any system
where a failure of such system could result in a situation that threatens the safety of human life, including
without limitation any such medical, life support, aviation or nuclear applications. Any such use and subsequent
liabilities that may arise from such use are totally the responsibility of Customer, and all liability of SonicWALL,
whether in contract, tort (including without limitation negligence) or otherwise in relation to the same is
excluded. Customer shall be responsible for mirroring its data, for backing it up frequently and regularly, and
for taking all reasonable precautions to prevent data loss or corruption. SonicWALL shall not be responsible for
any system downtime, loss or corruption of data or loss of production. NOTWITHSTANDING ANYTHING ELSE IN
THIS AGREEMENT OR OTHERWISE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL
SONICWALL, ITS SUPPLIERS, DISTRIBUTORS OR RESELLERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, PUNITIVE
OR CONSEQUENTIAL DAMAGES, LOST OR CORRUPTED DATA, LOST PROFITS OR SAVINGS, LOSS OF BUSINESS OR
OTHER ECONOMIC LOSS OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, ARISING OUT OF OR
RELATED TO THIS AGREEMENT, THE PRODUCTS OR THE SERVICES, WHETHER OR NOT BASED ON TORT, CONTRACT,
STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND WHETHER OR NOT SONICWALL HAS BEEN ADVISED OR KNEW
OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SONICWALL'S
MAXIMUM LIABILITY TO CUSTOMER ARISING FROM OR RELATING TO THIS AGREEMENT SHALL BE LIMITED TO THE
AMOUNTS RECEIVED BY SONICWALL FOR THE PRODUCTS AND THE SERVICES PURCHASED BY CUSTOMER, PROVIDED
THAT WHERE ANY CLAIM AGAINST SONICWALL RELATES TO PARTICULAR PRODUCT AND/OR SERVICES,
SONICWALLS MAXIMUM LIABILITY SHALL BE LIMITED TO THE AGGREGATE AMOUNT RECIEVED BY SONICWALL IN
RESPECT OF THE PRODUCTS AND/OR SERVICES PURCHASED BY CUSTOMER AFFECTED BY THE MATTER GIVING RISE
TO THE CLAIM. (FOR MAINTENANCE SERVICES OR A PRODUCT SUBJECT TO RECURRING FEES, THE LIABILITY SHALL
NOT EXCEED THE AMOUNT RECEIVED BY SONICWALL FOR SUCH MAINTENANCE SERVICE OR PRODUCT PURCHASED
BY CUSTOMER DURING THE TWELVE (12) MONTHS PRECEDING THE CLAIM). CUSTOMER EXPRESSLY AGREES TO THE
ALLOCATION OF LIABILITY SET FORTH IN THIS SECTION, AND ACKNOWLEDGES THAT WITHOUT ITS AGREEMENT TO
THESE LIMITATIONS, THE PRICES CHARGED FOR THE PRODUCTS AND SERVICES WOULD BE HIGHER.

7. GOVERNMENT RESTRICTIONS
Customer agrees that it will not export or re-export the Products without SonicWALL's prior written consent, and
then only in compliance with all requirements of applicable law, including but not limited to U.S. export control
regulations. Customer has the responsibility to obtain any required licenses to export, reexport or import the
Products. Customer shall defend, indemnify and hold SonicWALL and its suppliers harmless from any claims
arising out of Customers violation of any export control laws relating to any exporting of the Products. By
accepting this Agreement and receiving the Products, Customer confirms that it and its employees and agents
who may access the Products are not listed on any governmental export exclusion lists and will not export or reexport the Products to any country embargoed by the U.S. or to any specially denied national (SDN) or denied
entity identified by the U.S. Applicable export restrictions and exclusions are available at the official web site
Dell SonicWALL Directory Services Connector 4.0
Administration Guide

53

of the U.S. Department of Commerce Bureau of Industry and Security (www.bis.doc.gov). For purchase by U.S.
governmental entities, the technical data and computer software in the Products are commercial technical data
and commercial computer software as subject to FAR Sections 12.211, 12.212, 27.405-3 and DFARS Section
227.7202. The rights to use the Products and the underlying commercial technical date and computer software
is limited to those rights customarily provided to the public purchasers as set forth in this Agreement. The
Software and accompanying Documentation are deemed to be commercial computer software and
commercial computer software documentation, respectively, pursuant to DFAR Section 227.7202 and FAR
Section 12.212, as applicable. Any use, modification, reproduction, release, performance, display or disclosure
of the Software and accompanying Documentation by the United States Government shall be governed solely by
the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of
this Agreement.

8. GENERAL
a) Governing Law and Venue. This Agreement shall be governed by and construed in accordance with the laws of
the State of California, without giving effect to any conflict of laws principles that would require the
application of laws of a different state. The parties agree that neither the United Nations Convention on
Contracts for the International Sale of Goods, nor the Uniform Computer Information Transaction Act (UCITA)
shall apply to this Agreement, regardless of the states in which the parties do business or are incorporated. Any
action seeking enforcement of this Agreement or any provision hereof shall be brought exclusively in the state
or federal courts located in the County of Santa Clara, State of California, United States of America. Each party
hereby agrees to submit to the jurisdiction of such courts. Notwithstanding the foregoing, SonicWALL is entitled
to seek immediate injunctive relief in any jurisdiction in the event of any alleged breach of Section 1 and/or to
otherwise protect its intellectual property.
b) Assignment. Except as otherwise set forth herein, Customer shall not, in whole or part, assign or transfer any
part of this Agreement or any rights hereunder without the prior written consent of SonicWALL. Any attempted
transfer or assignment by Customer that is not permitted by this Agreement shall be null and void. Any
transfer/assignment of a License that is permitted hereunder shall require the assignment/transfer of all copies
of the applicable Software along with a copy of this Agreement, the assignee must agree to all terms and
conditions of this Agreement as a condition of the assignment/transfer, and the License(s) held by the
transferor Customer shall terminate upon any such transfer/assignment.
c) Severability. If any provision of this Agreement shall be held by a court of competent jurisdiction to be
contrary to law, such provision will be enforced to the maximum extent permissible and the remaining
provisions of this Agreement will remain in full force and effect.
d) Privacy Policy. Customer hereby acknowledges and agrees that SonicWALLs performance of this Agreement
may require SonicWALL to process or store personal data of Customer, its employees and Affiliates, and to
transmit such data within SonicWALL or to SonicWALL Affiliates, partners and/or agents. Such processing,
storage, and transmission may be used for the purpose of enabling SonicWALL to perform its obligations under
this Agreement, and as described in SonicWALLs Privacy Policy (http://www.sonicwall.com/us/en/PrivacyPolicy.html, Privacy Policy) and may take place in any of the countries in which SonicWALL and its Affiliates
conduct business, including countries outside of the European Economic Area. SonicWALL reserves the right to
change the Privacy Policy from time to time as described in the Privacy Policy.
e) Notices. All notices provided hereunder shall be in writing, delivered personally, or sent by internationally
recognized express courier service (e.g., Federal Express), addressed to the legal department of the respective
party or to such other address as may be specified in writing by either of the parties to the other in accordance
with this Section.
f) Disclosure of Customer Status. SonicWALL may include Customer in its listing of customers and, upon written
consent by Customer, announce Customer's selection of SonicWALL in its marketing communications.
g) Waiver. Performance of any obligation required by a party hereunder may be waived only by a written waiver
signed by an authorized representative of the other party, which waiver shall be effective only with respect to
the specific obligation described therein. Any waiver or failure to enforce any provision of this Agreement on
one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.
h) Force Majeure. Each party will be excused from performance for any period during which, and to the extent
that, it is prevented from performing any obligation or service as a result of causes beyond its reasonable
control, and without its fault or negligence, including without limitation, acts of God, strikes, lockouts, riots,
acts of war, epidemics, communication line failures, and power failures.
Dell SonicWALL Directory Services Connector 4.0
Administration Guide

54

i) Audit. Customer shall maintain accurate records to verify compliance with this Agreement. Upon request by
SonicWALL, Customer shall furnish (a copy of) such records to SonicWALL and certify its compliance with this
Agreement.
j) Headings. Headings in this Agreement are for convenience only and do not affect the meaning or
interpretation of this Agreement. This Agreement will not be construed either in favor of or against one party or
the other, but rather in accordance with its fair meaning. When the term including is used in this Agreement
it will be construed in each case to mean including, but not limited to.
k) Entire Agreement. This Agreement is intended by the parties as a final expression of their agreement with
respect to the subject matter hereof and may not be contradicted by evidence of any prior or contemporaneous
agreement unless such agreement is signed by both parties. In the absence of such an agreement, this
Agreement shall constitute the complete and exclusive statement of the terms and conditions and no extrinsic
evidence whatsoever may be introduced in any judicial proceeding that may involve the Agreement. This
Agreement represents the complete agreement and understanding of the parties with respect to the subject
matter herein. This Agreement may be modified only through a written instrument signed by both parties.

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

55

About Dell

Dell listens to customers and delivers worldwide innovative technology, business solutions and services they
trust and value. For more information, visit www.software.dell.com.

Contacting Dell
Technical support:
Online support
Product questions and sales:
(800) 306-9329
Email:
[email protected]

Technical Support Resources

Technical support is available to customers who have purchased Dell software with a valid maintenance
contract and to customers who have trial versions.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. In addition, the portal provides direct access to product support engineers through an
online Service Request system. To access the Support Portal, go to https://support.sonicwall.com/.
The site enables you to:

Create, update, and manage Service Requests (cases)

View Knowledge Base articles

Obtain product notifications

Download software. For trial software, go to Trial Downloads.

View how-to videos

Engage in community discussions

Dell SonicWALL Directory Services Connector 4.0

Administration Guide

56