Cisco Web Security Appliance S160 User Guide

AsyncOS 8.5 for Cisco Web Security Appliances User Guide
 
Chapter 5 Acquire End-User Credentials
Authentication Sequences
Step 6
Submit and commit your changes.
Authentication Sequences

Credential Cache Options: Client IP Idle Timeout
When an IP address is used as the authentication surrogate, this setting specifies how long the Web Proxy waits before asking the client for authentication credentials again when the client has been idle.
When this value is greater than the Surrogate Timeout value, this setting has no effect and clients are prompted for authentication after the Surrogate Timeout is reached.
You might want to use this setting to reduce the vulnerability of users who leave their computers.

Credential Cache Options: Cache Size
Specifies the number of entries that are stored in the authentication cache. Set this value to safely accommodate the number of users that are actually using this device. The default value is the recommended setting.

User Session Restrictions
This setting specifies whether or not authenticated users are allowed to access the Internet from multiple IP addresses simultaneously.
You might want to restrict access to one machine to prevent users from sharing their authentication credentials with non-authorized users. When a user is prevented from logging in at a different machine, an end-user notification page appears. You can choose whether or not users can click a button to log in as a different username using the Re-authentication setting on this page.
When you enable this setting, enter the restriction timeout value, which determines how long users must wait before being able to log into a machine with a different IP address. The restriction timeout value must be greater than the surrogate timeout value.
You can remove a specific user or all users from the authentication cache using the authcache CLI command.

Advanced
When using Credential Encryption or Access Control, you can choose whether the appliance uses the digital certificate and key shipped with the appliance (the Cisco Web Security Appliance Demo Certificate) or a digital certificate and key you upload here.
To upload a digital certificate and key, click Browse and navigate to the necessary file on your local machine. Then click Upload Files after you select the files you want.
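
The timeout rules stated above for Client IP Idle Timeout and User Session Restrictions can be checked before a configuration is committed. The following Python model is an added example, not Cisco code or an AsyncOS interface; the class, field and function names are hypothetical, and it assumes the Surrogate Timeout counts from the last authentication while the idle timeout counts from the client's last request.

```python
# Added illustration: a simplified model of the timeout rules in the table,
# not the appliance's implementation. All names here are hypothetical.
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: request times (seconds) from one client IP address.
SAMPLE_REQUESTS = [0, 600, 3000, 4000, 5000, 6000, 6700]


@dataclass
class AuthTimeouts:
    surrogate_timeout: int        # seconds; assumed to count from last authentication
    client_ip_idle_timeout: int   # seconds; assumed to count from last request
    restriction_timeout: Optional[int] = None  # None: User Session Restrictions off

    def findings(self) -> List[str]:
        """Return the rule violations described in the settings table."""
        out = []
        if self.client_ip_idle_timeout > self.surrogate_timeout:
            out.append("Client IP Idle Timeout is greater than Surrogate "
                       "Timeout: the idle setting has no effect")
        if (self.restriction_timeout is not None
                and self.restriction_timeout <= self.surrogate_timeout):
            out.append("restriction timeout must be greater than "
                       "Surrogate Timeout")
        return out


def prompts(cfg: AuthTimeouts, request_times: List[int]) -> List[int]:
    """Return the request times at which the client is asked to authenticate."""
    prompted = []
    auth_at = last_seen = None
    for t in sorted(request_times):
        # Surrogate expired (or never established): credentials are requested.
        expired = auth_at is None or t - auth_at >= cfg.surrogate_timeout
        # Client was idle for at least the idle timeout since its last request.
        idle = (last_seen is not None
                and t - last_seen >= cfg.client_ip_idle_timeout)
        if expired or idle:
            prompted.append(t)
            auth_at = t
        last_seen = t
    return prompted


if __name__ == "__main__":
    for cfg in (AuthTimeouts(3600, 1800, 7200), AuthTimeouts(3600, 7200, 3600)):
        print(cfg, cfg.findings(), prompts(cfg, SAMPLE_REQUESTS))
```

With a 1800-second idle timeout the 2400-second gap before the request at 3000 forces a new prompt; with a 7200-second idle timeout only the Surrogate Timeout triggers prompts, which is the "no effect" case the table describes.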