Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

NSA 2650 Logging Out Randomly

compunext_rogeriocompunext_rogerio Newbie ✭
in Mid Range Firewalls

Dear friends, we have observed a really strange behaviour on SonicWall NSa 2650.

Administration screen keeps logging out randomly. It happens with default local admin or AD Users.

This is our scenario details:

  1. SonicWall NSa 2650
  2. Firmware Version: SonicOS Enhanced 6.5.4.9-93n
  3. User Authentication Method: LDAP + Local Users
  4. LDAP Servers: Primary (AD01) and Backup (AD02)
  5. SSO Agents: AD01 and AD02
  6. Inactivity TimeOut: 15 minutes
  7. Authentication Partition: No

The most interesting aspect to be noticed is that logouts are completely random. It can happen with local admin, Active Directory Admin, at any moment. Can happen right after logging into web administration screen or it can happen in 2 minutes or in 30 minutes of use.

Any help will be appreciated.

Best regards!

Category: Mid Range Firewalls
Reply

Answers

  • compunext_rogeriocompunext_rogerio Newbie ✭

    I figured out what is happening.

    We use SSO Agent for User Authentication.

    Many Microsoft Services are installed on internal servers, such as Azure AD Connect and Microsoft Exchange. These services create users for internal processes and these internal users open cloud or internal communication processes.

    While using firewall administration web GUI, I am considered to be a valid authenticated user.

    Perhaps, when configured with SSO Agent, SonicWall firewall validate user logged on the firewall services, including web administration GUI. Thus, when SonicWall firewall compare my user logon name with service user name detected on the computer queried by SSO Agent, inconsistency is achieved, forcing logout of my user account from NSa 2650.

    This is the error message logged by NSa 2650:

    myusername@internal-ad.domain, logout reported by SSO agent. Session ID mismatch: user was 0, reported as 9636. User name mismatch. user was internal-ad.domain/myusername, reported as internal-ad.domain/MSOL_ef7(internal_service_user)

    This is the user detected by SSO Agent :

    image.png

    This internal service user was detected by DC Security Logs.

    I checked SSO Agent Screen and found the following:

    image.png

    Internal service users were not listed to be excluded.

    Azure AD Connect creates a user account called MSOL_(user_GUID). Exchange 2016 creates a user called HealthMailbox(user_GUID).

    I added the following users inside SSO Agent "Excluded Users" configuration:

    image.png

    Other internal service users may be added according to your AD environment.

    So, as your environment grows, customization may be needed to avoid authentication issues.

    Thanks a lot for everyone!

Sign In or Register to comment.