A SonicWall NGFW is a Next-Generation Firewall produced by the cybersecurity company SonicWall. These devices provide comprehensive network security by combining traditional firewall capabilities with advanced threat prevention features designed to identify and block modern, sophisticated cyber threats.

Using programmable tokens with a SonicWall NGFW involves two main parts: an administrator configuration on the SonicWall device/portal, and a user setup on the mobile app.

SonicWall uses the Time-Based One-Time Password (TOTP) standard, which is compatible with Google Authenticator, and given programmable tokens can be used as a direct replacement for google authenticator, we can use the same process to generate a suitable QR code, then use the QR code to program the hardware token. 

Administrator Configuration

Log in to your SonicWall management interface (SonicOS or MySonicWall portal), then switch to configuration mode (see SonicWall instructions below);

• How to switch from non-config mode to full configuration mode while accessing SonicWall Management

Navigate to "Users | Local Users & Groups" or "Device | Users | Local Users" (depending on your firmware version).

Edit an existing user or add a new user (by clicking on "Add Users").

In the user's "Settings" tab, locate the One-Time password method dropdown list and select "TOTP".

Click on the button to save the user settings (for new users, you may need to assign a temporary password and select "User must change password on next logon" to prompt the setup process for the user).

Next, navigate to the "Groups" Tab, then under the Member Of, add "SonicWALL Administrator", then click ;

User Setup

Once the administrator has enabled TOTP, the end-user must access their login portal (using their mobile device),  then they need to complete the binding process on their first login attempt.

Log in to SonicWall Network Security Appliance portal using your username and password (e.g., "https://yourfirewallIP:4433");

On the screen that appears, you will be prompted to set up the authenticator app and a QR code will be displayed.

A QR code will now be displayed similar to the following;

You can use the QR code to program our programmable tokens using the instructions found in the following procedure;

• Click here to expand...

  We have a range of programmable tokens that can act as direct replacements for an authentication apps.

  Programming single seeded tokens using a QR code on a windows PC

  Single seeded tokens (such as the SafeID/Diamond and the SafeID/Pro) can be programmed using a windows PC using the following procedure;

  • Click here for instructions for using the SafeID Diamond Programmer for Windows

    Download and launch the SafeID/Diamond programming tool.  

    

    Click the Scan QR Code button 

    Click here for instructions on Scanning QR Codes ...

    Before you scan the QR code please ensure that the clock on your computer is displaying the correct date and time.

    You can scan the screen for a QR code, or load from a file.

    

    If you are scanning the barcode on the screen please ensure that the QR code is not obscured by other windows, and if you have more than one monitor please ensure that both the app and the QR code are displayed on the main display (display 1).

    If you still have difficulty in scanning the QR code double check you only have the one instance of the app running, and that it is the latest version of the app.  In most cases when there are issues with scanning of the QR code the most likely cause is the QR code contains the wrong data and may need to be regenerated.  To test the QR code you could check that the code works correctly with the authenticator app it is intended for (e.g microsoft authenticator), and if this fails then you know that the QR code will need to be regenerated.

    

    Select Scan Screen.

    If succeeded, the Seed box should be filled with the token's seed data.

    

    Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"

    

    Press the Connect button

    

    Now, switch on a SafeID token and place it on the reader. 

    The tool will read out the token's serial number and time, and display them:

    

    If you want to correct the clock on the token, then leave the "Sync Token Clock" checked, but first ensure the time on your pc is set correctly.

    Press the Burn button

    

    The token is successfully programmed.

    Switch off the token and switch it on again to generate a new code (the token may only use the new seed after being reset)

    

  Programming single seeded tokens using a QR code on an Android mobile phone

  Single seeded tokens (such as the SafeID/Diamond and the SafeID/Pro) can be programmed using an android mobile phone using a procedure that is similar to the windows procedure, but using the following instructions;

  • Click here for instructions for using the SafeID Diamond Programmer for Android

    
    

    Introduction

    There are circumstance where you may want to replace a mobile phone based authentication app (such as google authenticator) with a programmable hardware token (such as the SafeID/Diamond or SafeID/Pro programmable tokens).

    
    

    

    
    

    
    

    
    

    Preparation

    Before you can use an NFC enabled phone to burn programmable tokens you will need to perform the following preparatory steps;

    1. Enable NFC on an Android mobile phone

       Make sure you’re running the latest version of Android (the majority of new Android smartphones have an NFC chip in the phone).

       Turn on your device and slide from the top down to access the android settings.

       Maximise the displayed icons then ensure the "NFC" icon is enabled;

       

       
       

       If asked if you want to turn on  "Android Beam",  confirm that you want the feature enabled.

       
       

    2. Downloading the programming tool on Android devices

       

       If your mobile device runs android you will need to visit the Google play store and search for the app "Deepnet SafeID Programmer"

       

       Download, Install and run this app.

    3. Obtain and enter your Seed

       

       Before you can produce OTP codes using a programmable token you will need  to obtain the seed data (either in the form of a compatible QR code that can be scanned, or in hex or base32 encoded format).

       Once the seed data for the token has been obtained it can be transferred to the app either by scanning the QR code, or manual entry of the Base32/Hex encoded seed:

       • Scan QR Code

         When scanning a QR Code on an Android (or IOS) SafeID programming App you first need to make ensure that the QR code is ready for scanning using the camera on your smartphone.

         Display the QR Code ready for scanning (the QR code below is just an example);

         

         
         

         Next launch the app on your mobile device,, point the camera at your QR code, then click on  the button;

         

         
         

         After clicking on the the button point the camera the QR code and the code will be automatically scanned;

         

         
         

         The token's seed/secret is extracted from the QR code, and you will progress onto the next step "Token Configuration";

         

         
         

         You are now ready to burn the seed details onto the token.

       • Manual entry of seed data

         Manual entry of the seed may be performed with either a Base32, or Hex encoded seed.

         Copy and paste your seed into the input area then click ;

         

         The software will then examine your seed and confirm if it is a valid Base32 or Hex seed (If the programming app cannot identify a valid seed then you may be requested to correct the entry).

         When a valid seed has been entered you will still need to confirm the time and algorithm parameters.

         Generally speaking, if the token is to be replacing an authentication app, then these parameters can be left at their default settings (but if you are aware that either a different time window size, or algorithm setting are needed, then you will need to manually adjust these settings from the default.

         Once the token configuration settings match your requirements click on the button;

         

         You are now ready to burn the seed details onto the token.

    Burning Seed data onto the Programmable Tokens using an NFC enabled smartphone

    Once the token parameters have been confirmed you will be asked to turn on the token.

    Turn on the token then click ;

    

    The app will update to show that the token is currently not connected to the app;

    

    With NFC on the mobile enabled, ensure your token is turned on, then place the token near the NFC reader on your phone (typically this will be near the top at the back of your phone).

    The app will update and show that the token is now connected, and will display details about the token that it has found; 

    

    Part of the information displayed is an assessment of any time drift that has been detected on your token.

    Generally speaking, if more than 2 seconds drift has been detected we would advise you click on the "Synchronise Token Clock" option prior to burning your token.

    If you are ready to burn the token click on the button, and the token details will be transferred to the token, and you will notified with the message "TOKEN PROGRAMMED SUCCESSFULLY";

    

    

    Related Articles

    • Programmable Tokens and keys
    • Hardware Tokens
    • NFC Card Reader
    • How to convert seed data between Hex and Base32 encoding

  Programming single seeded tokens using a QR code on and iOS mobile phone

  Single seeded tokens (such as the SafeID/Diamond and the SafeID/Pro) can be programmed using an iOS mobile phone using a procedure that is similar to the windows procedure, but using the following instructions;

  • Click here for instructions for using the SafeID Diamond Programmer for iOS

    
    

    Introduction

    There are circumstance where you may want to replace a mobile phone based authentication app (such as google authenticator) with a programmable hardware token (such as the SafeID/Diamond or SafeID/Pro programmable tokens).

    Before you can produce OTP codes using a programmable token you will need  to obtain the seed data in the form of a compatible QR code.

    
    

    

    
    

    
    

    
    

    Preparation

    Before you can use an NFC enabled phone to burn programmable tokens you will need to perform the following preparatory steps;

    1. Enable NFC on your iOS smartphone
    2. Install our SafeID programming app on your phone

    Enabling NFC

    The following procedure can be used to enable NFC on your iOS smartphone;

    • Enabling NFC on an iOS mobile phone

      • iPhones 7 and the more recent released models can read NFC tags and make NFC payments. However, no NFC support was added to iPhones 6 and 6S, yet it can be used to make NFC payments only. 
      • NFC is automatically enabled in Apple phones. 

    Installing the SafeID Programmer on your phone

    The SafeID programming app is available for download in versions suitable for Windows, Android and iOS devices.

    Instructions for downloading the programming app on your iOS device; 

    • Downloading the programming tool on iOS devices

      

      If your mobile device runs android you will need to visit the apple play store and search for the app "SafeID Programmer"

      

      Download, Install and run this app.

    

    Burning Seed data onto the Programmable Tokens using an NFC enabled smartphone

    When scanning a QR Code on an Android (or IOS) SafeID programming App you first need to make ensure that the QR code is ready for scanning using the camera on your smartphone.

    Display the QR Code ready for scanning (the QR code below is just an example);

    

    
    

    Next launch the app on your mobile device, and use the following instructions to burn the programmable token;

    • Scanning the QR Code on an iOS phone

      Launch the app, point the camera at your QR code, then click on  the button to scan the image;

      

      
      

      After the QR Code has been scanned you will find that the seed details have been automatically added to the app and you will be ready to burn the seed details onto the token.

    
    

    Switch on the programmable token and place it against the back of the phone, then use the button to start burning the token.

    When you hear a beep, do not move the token until you hear the second beep, and the message "Token programmed successfully" will be displayed (indicating that the token has been programmed).

    Related Articles

    • Programmable Tokens and keys
    • Hardware Tokens
    • NFC Card Reader

  Programming multi-seeded tokens

  If you have a multi seeded programmable token (such as the SafeID PinPad(pro) or SafeID QR(pro), then please see the instructions in the following guides;

  • SafeID PinPad(Pro) Programming Tools
  • SafeID QR(Pro) Programming Tools

  Related Articles

  • Programmable Tokens and keys
  • Hardware Tokens
  • NFC Card Reader
  • Checking and resolving time drift on a windows computer
  • How to generate QR codes for authenticator apps or programmable tokens
  • How to extract seed data from a QR code using a PC

Verifying your token

Once you have programmed your token you will need to verify your programmable token by entering the 6 digit OTP code from the token (at the prompt "2FA Code"), then click .

The programmable token will then be ready to use when next logging in to the user's account.

Related Articles

• OTP Tokens
• Programmable Tokens and keys
• NFC Smart Card Reader
• Two-factor authentication using TOTP for Management by User with admin privileges
• Setting up Time-based One-time Passwords on SonicWall UTM Appliances