Cisco Cisco Web Security Appliance S170 Guía Del Usuario
5-2
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Best Practices
Authentication Task Overview
Authentication Best Practices
•
Create as few Active Directory realms as is practical. Multiple Active Directory realms require
additional memory usage for authentication.
additional memory usage for authentication.
•
If using NTLMSSP, authenticate users using either the Web Security appliance or the upstream
proxy server, but not both. (Recommend Web Security appliance)
proxy server, but not both. (Recommend Web Security appliance)
•
If using Kerberos, authenticate using the Web Security appliance.
•
For optimal performance, authenticate clients on the same subnet using a single realm.
•
Some user agents are known to have issues with machine credentials or authentication failures,
which can negatively impact normal operations. You should bypass authentication with these user
agents. See
which can negatively impact normal operations. You should bypass authentication with these user
agents. See
.
Authentication Planning
•
•
•
•
•
Step Task
Links to Related Topics and Procedures
1.
Create an authentication realm.
•
•
2.
Configure global authentication settings.
•
3.
Configure external authentication.
You can authenticate users through an external LDAP or
RADIUS server.
RADIUS server.
•
4.
(Optional) Create and order additional
authentication realms.
authentication realms.
Create at least one authentication realm for each
authentication protocol and scheme combination you
plan to use.
authentication protocol and scheme combination you
plan to use.
•
5.
(Optional) Configure credential encryption.
•
6.
Create Identification Profiles to classify users and client
software based on authentication requirements.
software based on authentication requirements.
•
7.
Create policies to manage Web requests from the
users and user groups for which you created
Identification Profiles.
users and user groups for which you created
Identification Profiles.
•