Sonicwall SSL-VPN Authentication with Azure AD Domain Services
Following a recent move into Azure AD, O365 and Intune etc. we now have little requirement for an on-prem physical Domain Controller and instead are looking at moving into AADDS for domain services.
The thing I am wondering is if we can complete SSL-VPN authentication requests from the Sonicwall to AADDS for LDAP/S authentication. I have tried to find some articles online about how, or if, this can be achieved, but I am drawing a blank at the moment.
I can't see why we would be unable to, unless the Sonicwall doesn't have the integration available, which I can't see happening given their size and the world's use of Azure AD and AADDS.
Best Answer
SonicAdmin80 Cybersecurity Overlord ✭✭✭
I have set this up. You need Azure VPN Gateway and an IPsec tunnel to Azure from on-prem, but other than that it works just like any other AD/LDAP connection. No add-ons needed if you just do basic authentication.
As said above, with SMA you can use SAML and the AADDS & VPN combo shouldn't be needed.
Answers
Have you read the thread here: https://community.sonicwall.com/technology-and-support/discussion/696/ssl-vpn-using-ldap-and-azure-ad
and here: https://community.sonicwall.com/technology-and-support/discussion/835/clarifications-on-azure-ad-service-integration-with-sonicwall-firewall
SAML is only supported on SMA devices. LDAP is supported to Azure AD but requires the directory services add-on.
@SonicAdmin80 thanks for confirming that this works. Do you use LDAPS or standard LDAP for authentication for SSL-VPN?
I use LDAPS with a purchased wildcard certificate. Perhaps not even needed since the VPN connection is encrypted and the authentication traffic might not traverse network segments where there's a risk of traffic capture.
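The LDAP-versus-LDAPS question above comes down to what the firewall actually puts on the wire when it binds to the directory. The following is an added example (not code from this thread or from SonicWall): it encodes an LDAPv3 simple BindRequest exactly as RFC 4511 specifies, shows that the bind password is carried verbatim in the PDU, and builds the TLS context a client would need for LDAPS with certificate and hostname verification (which is also what makes a purchased wildcard certificate useful). The bind DN, password and CA-bundle path are constructed placeholders.

```python
import ssl
from typing import Optional


def _ber_len(n: int) -> bytes:
    """BER definite-form length: one byte below 128, otherwise 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    """Tag-length-value wrapper for one BER element."""
    return bytes([tag]) + _ber_len(len(value)) + value


def _ber_int(v: int) -> bytes:
    """BER INTEGER in minimal two's-complement form (non-negative values only here)."""
    body = v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True)
    return _tlv(0x02, body)


def ldap_simple_bind(message_id: int, bind_dn: str, password: str) -> bytes:
    """Encode an LDAPMessage carrying a simple BindRequest (RFC 4511 section 4.2).

    LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp BindRequest }
    BindRequest ::= [APPLICATION 0] SEQUENCE {
        version INTEGER (3), name LDAPDN, authentication [0] OCTET STRING (simple) }
    """
    bind_request = _tlv(
        0x60,  # [APPLICATION 0], constructed
        _ber_int(3)
        + _tlv(0x04, bind_dn.encode("utf-8"))  # LDAPDN as OCTET STRING
        + _tlv(0x80, password.encode("utf-8")),  # simple authentication, context tag [0]
    )
    return _tlv(0x30, _ber_int(message_id) + bind_request)


def password_visible(pdu: bytes, password: str) -> bool:
    """True when the credential is present verbatim in the PDU.

    Over plain LDAP (tcp/389) this is what any device on the path sees; over LDAPS
    the same PDU is wrapped in a TLS record and is no longer readable in transit.
    """
    return password.encode("utf-8") in pdu


def ldaps_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """TLS settings for an LDAPS client: verify the chain, match the hostname, TLS 1.2+.

    ca_bundle is the PEM file containing the CA that issued the directory's certificate
    (for a wildcard cert bought from a public CA, the system store usually suffices, so None).
    check_hostname is what validates a wildcard such as *.corp.example against the
    server name you connect to.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    # Constructed sample credentials for an SSL-VPN bind account (placeholders, not real).
    pdu = ldap_simple_bind(1, "CN=vpn-bind,OU=ServiceAccounts,DC=corp,DC=example", "Constructed-Pa55w0rd")
    print("BindRequest bytes:", pdu.hex())
    print("password readable in cleartext PDU:", password_visible(pdu, "Constructed-Pa55w0rd"))
    ctx = ldaps_context()
    print("LDAPS context verifies chain:", ctx.verify_mode == ssl.CERT_REQUIRED, "hostname:", ctx.check_hostname)
```

Connecting with `ctx.wrap_socket(sock, server_hostname="<ldaps-host>")` on port 636 is what turns the cleartext PDU into protected traffic; if the directory's certificate does not chain to a trusted CA or does not match the name, the handshake fails before the bind is ever sent, which is the failure mode you want when a bind account's password is at stake.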