Cisco Web Security Appliance S380 User Guide

IronPort AsyncOS 6.3 for Web User Guide
Authentication Overview
Authentication is the act of confirming the identity of a user. By using authentication in the 
Web Security appliance, you can control access to the Web for each user or a group of users. 
This allows you to enforce the organization’s policies and comply with regulations. When you 
enable authentication, the Web Security appliance authenticates clients on the network 
before allowing them to connect to a destination server.
The Web Security appliance supports the following authentication protocols:
• Lightweight Directory Access Protocol (LDAP). The appliance supports standard LDAP 
server authentication and secure LDAP authentication. You can use a Basic authentication 
scheme. For more information about LDAP configuration options, see “LDAP 
Authentication” on page 370.
• NT LAN Manager (NTLM). The appliance supports NTLM to enable authentication 
between the appliance and a Microsoft Windows domain controller. You can use either 
NTLMSSP or Basic authentication schemes. For more information about NTLM 
configuration options, see “NTLM Authentication” on page 376.
To enable authentication, you must create at least one authentication realm. An 
authentication realm is a set of authentication servers (or a single server) supporting a single 
authentication protocol with a particular configuration. For more information about 
authentication realms, see “Working with Authentication Realms” on page 344.
When you create more than one realm, you can group the realms into an authentication 
sequence. An authentication sequence is a group of authentication realms listed in the order 
the Web Security appliance uses for authenticating clients. For more information about 
authentication sequences, see “Working with Authentication Sequences” on page 346.
You configure some authentication options at a global level, independent of any realm. For 
more information, see “Configuring Global Authentication Settings” on page 353.
By creating authentication realms and sequences, you can configure the Web Security 
appliance to use one or more authentication servers for authenticating clients on the network. 
For more information about how the appliance works when it uses multiple authentication 
servers, see “Appliance Behavior with Multiple Authentication Realms” on page 349.
After creating an authentication realm, and optionally a sequence, you can create or edit 
Identities based on authentication realms or sequences. Note, however, that if you delete an 
authentication realm or sequence, any Identity group that depends on the deleted realm or 
sequence becomes disabled. For more information about using authentication with Identities, 
see “How Authentication Affects Identity Groups” on page 128.
Client Application Support
When the Web Security appliance is deployed in transparent mode and a transaction requires 
authentication, the Web Proxy replies to the client application asking for authentication 
credentials. However, not all client applications support authentication, so they have no