Cisco Web Security Appliance S690 User Guide

AsyncOS 9.2 for Cisco Web Security Appliances User Guide
 
Chapter 5: Acquire End-User Credentials
Authentication Task Overview

| Step | Task | Links to Related Topics and Procedures |
|------|------|----------------------------------------|
| 1. | Create an authentication realm. | |
| 2. | Configure global authentication settings. | |
| 3. | Configure external authentication. You can authenticate users through an external LDAP or RADIUS server. | |
| 4. | (Optional) Create and order additional authentication realms. Create at least one authentication realm for each authentication protocol and scheme combination you plan to use. | |
| 5. | (Optional) Configure credential encryption. | |
| 6. | Create Identification Profiles to classify users and client software based on authentication requirements. | |
| 7. | Create policies to manage Web requests from the users and user groups for which you created Identification Profiles. | Managing Web Requests Through Policies Best Practices, page 7-3 |

Authentication Best Practices

- Create as few Active Directory realms as is practical. Multiple Active Directory realms require additional memory usage for authentication.
- If using NTLMSSP, authenticate users using either the Web Security appliance or the upstream proxy server, but not both. (The Web Security appliance is recommended.)
- If using Kerberos, authenticate using the Web Security appliance.
- For optimal performance, authenticate clients on the same subnet using a single realm.
- Some user agents are known to have issues with machine credentials or authentication failures, which can negatively impact normal operations. You should bypass authentication with these user agents. See

Authentication Planning