SonicWall SSL VPN with both AD and local users

LeRouteur

8/11/23, 12:56 PM

I'm currently setting up a VPN for our enterprise users using SonicWall SSL VPN and the NetExtender client on Windows 10 (no mobiles devices).

The firewall is querying the Active Directory database for users in a specific group, which are authorized to use the VPN. When those users connect to the VPN using NetExtender, the domain used is "xxx.local" and It works fine.

But when a local user (created on the firewall itself) wants to login, using the "xxx.local" domain fails with bad credentials, which makes sense.

Therefore, what is the domain to be used for local users when connecting to the VPN using NetExtender? Is there a way to use both of those account types?

EDIT: here are the settings we have currently set up for the SSL VPN

0 + 0

vpn

sonicwall

Score:1

Server

yagmoth555

8/11/23, 1:15 PM

Yes you can use both account type; please use LocalDomain for the domain, case sensitive.

0 + 0

LeRouteur

8/11/23, 2:09 PM

Thanks for your answer. Sadly, this is not working. Since we have set up the domain to be "xxx.local" in the SSL VPN Server Settings, it's not working (see added picture in the question). Have we done it the right way? Most users will be AD users, thus connecting using our AD domain.

yagmoth555

8/11/23, 2:17 PM

@LeRouteur Tried in the username field when the user connect to enter username@LocalDomain ? as a workaround, even if it's wrote under your real domain.

LeRouteur

8/11/23, 2:34 PM

Sadly no, it does not work. Do you want me to grab some logs on the Sonicwall or the NetExtender?

Score:0

Server

LeRouteur

8/20/23, 3:52 PM

Just found the answer: there is a group called "SSLVPN Services" in which you can add the local users, and even if the domain is set in the NetExtender client, they will connect using their local account. I also opened a case at the SonicWALL support for some other problems, and they told me about this issue that it was preferable to use LDAP accounts instead of mixed ones (local + LDAP).

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: SonicWall SSL VPN with both AD and local users

TH: SonicWall SSL VPN กับทั้ง AD และผู้ใช้ในพื้นที่

RO: SonicWall SSL VPN cu utilizatori AD și locali

RU: SonicWall SSL VPN как с AD, так и с локальными пользователями

VI: SonicWall SSL VPN với cả AD và người dùng cục bộ

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.