Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sonicwall SMA Maximum user count

Hi Everyone,

We are having sonicwall SMA 7200 appliance which is running on 12.3 firmware version.In that we are facing issue while adding and removing users in access rule. it giving error like user count reach to maximum.yes we can apply cem value to increase maximum count but why it was gives error when we try to delete users from access rule.

Is there any alternate way we can delete users in access rule.

Category: Secure Mobile Access Appliances
Reply

Answers

  • SriSri Moderator

    Hello @Darshil

    Thank you for reaching us on Communities.

    Tagging @shiprasahu93 @Nevyaditha @fmadia @Saravanan@Poorni_5 for further assistance

  • shiprasahu93shiprasahu93 Moderator
    edited June 11

    Hello @Darshil,

    SMA 7200 should be able to support 10,000 concurrent users. How many active sessions are you seeing at the moment?

    Also, are you facing this issue after some configuration change or firmware upgrade?

    Also, moving this to the right category for better results.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Poorni_5Poorni_5 SonicWall Employee

    @Sri I tried to find an answer, but there were too many return questions, So i have requested Michael to provide an answer.

    Thanks & Regards,

    Poornima.T.R

  • DarshilDarshil Newbie ✭

    Hi @shiprasahu93

    Yes i knew that SMA 7200 support more than 1000 concurrent connection. But we are facing issue while removing users from access rule. I aware about this is a limitation in 12.3 version. But my concern is why this error message come when we try to delete users from access rule.

  • Poorni_5Poorni_5 SonicWall Employee
    edited June 11

    @Darshil ,

    Your query will be answered by our SMA experts in a while.

    Thanks & Regards,

    Poornima.T.R

  • SimonSimon Moderator
    edited June 11

    Hi @Darshil is it not a best practice to add individual users in an access control rule, except in very unusual circumstances with very few users.

    Access control rules should be a simple as possible to ensure you can manage them and maintain good security. In addition, very complex access control rules will cause delays as they must all be processed at the point a VPN is established. The access control rules limit access, but they also control what routes are pushed to the client at as the VPN is established.

    Ideally you would use either group membership in your authentication server, or the realm or community where a user is authenticated, to manage resource accesses. If your users are all on the local authentication server in the SMA, you can create groups in that authentication server as well.

    The access control rules should be very simple and easy to manage and understand. Group membership is resolved during authentication so is available to be used in access control rule processing.

    Authentication servers are designed to handle this kind of data easily and quickly. Access control rules are not.

    Already at the limit of the max number of users in an access control rule, I'd suggest in parallel create a group membership based access control rule. That will let you manage this in the authentication server. Once that rule is established, delete the entire username based access control rule.

Sign In or Register to comment.