Cisco Cisco Web Security Appliance S670 Release Notes
C I S C O I R O N P O R T A S Y N C O S 6 . 3 . 8 F O R W E B R E L E A S E N O T E S
71
D O C U M E N T A T I O N A D D E N D A
This section contains additions or changes to the printed documentation for the IronPort
AsyncOS for Web User Guide
AsyncOS for Web User Guide
.
Sending the “Proxy-Authenticate: Negotiate” Header for NTLMSSP Authentication
This section lists additional information to consider when configuring NTLMSSP
Authentication.
Authentication.
Table 1-4 describes the authentication options for the
advancedproxyconfig
CLI
command.
Using a Wildcard Character in LDAP Group Fields
This section lists additional information to consider when using special characters in an LDAP
authentication realm.
authentication realm.
Table 1-4 describes the authentication options for the
advancedproxyconfig
CLI
command.
Table 1-3 advancedproxyconfig CLI Command—Authentication Options
Option
Valid
Values
Values
Default
Value
Value
Must Restart
Web Proxy?
Web Proxy?
Description
Would you like to send
Negotiate header along
with NTLM header for
NTLMSSP authentication:
1. Do not send Negotiate
header
2. Send Negotiate header
Negotiate header along
with NTLM header for
NTLMSSP authentication:
1. Do not send Negotiate
header
2. Send Negotiate header
1, 2
1
No
Choose whether or not to send the
“Proxy-Authenticate: Negotiate”
header when the Web Proxy uses
NTLMSSP authentication.
You might want to send this header to
maintain compatibility with older user
agents. You might want to not send the
header to allow .NET applications to
work properly with NTLMSSP
authentication.
“Proxy-Authenticate: Negotiate”
header when the Web Proxy uses
NTLMSSP authentication.
You might want to send this header to
maintain compatibility with older user
agents. You might want to not send the
header to allow .NET applications to
work properly with NTLMSSP
authentication.
Table 1-4 advancedproxyconfig CLI Command—Authentication Options
Option
Valid
Values
Values
Default
Value
Value
Must Restart
Web Proxy?
Web Proxy?
Description
Would you like to allow
wild card matching with
the character * for LDAP
group names?
wild card matching with
the character * for LDAP
group names?
Yes, No
(Boolean)
(Boolean)
Yes
Yes
Choose whether or not to match an
asterisk as a wildcard in LDAP group
filters.
When this option is disabled, using an
asterisk (*) in the group filters for
LDAP servers works as a literal string.
asterisk as a wildcard in LDAP group
filters.
When this option is disabled, using an
asterisk (*) in the group filters for
LDAP servers works as a literal string.