Explanations on usage
If a user known to the SN SSO Agent uses another login from the same domain, the firewall may cancel the identification of this user. The second identification is relayed by the domain controller, which replaces the initial session. Such cases occur especially for the following types of access:
- Login to an intranet using the kerberos and/or ntlm method,
- Mounting of shared remote resources, e.g., files and printers, via the SMB protocol,
- Login to RDP Terminal Services on a remote server.
Communications with the syslog server must be in UDP. Since this protocol does not guarantee confidentiality or integrity, we recommend that you secure communications between non-Windows directories, such as Samba 4, and the syslog server to prevent potential security risks that include IP address spoofing, or the injection of unauthorized syslog messages to the firewall.
Secure these communications by physically segmenting the network, setting up a VLAN, or using IPsec, SSH or SSL tunnels. Alternatively, a TLS syslog server relay can also be placed between the hosts concerned.