Cisco Cisco Web Security Appliance S190 Mode D'Emploi
5-2
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Best Practices
Authentication Task Overview
Authentication Best Practices
•
Create as few Active Directory realms as is practical. Multiple Active Directory realms require
additional memory usage for authentication.
additional memory usage for authentication.
•
If using NTLMSSP, authenticate users using either the Web Security appliance or the upstream
proxy server, but not both. (Recommend Web Security appliance)
proxy server, but not both. (Recommend Web Security appliance)
•
If using Kerberos, authenticate using the Web Security appliance.
•
For optimal performance, authenticate clients on the same subnet using a single realm.
Authentication Planning
•
•
•
•
•
Step
Task
Links to Related Topics and Procedures
1.
Create an authentication realm.
•
•
2.
Configure global authentication settings.
•
3.
Configure external authentication.
You can authenticate users through an external LDAP
or RADIUS server.
or RADIUS server.
•
4.
(Optional) Create and order additional
authentication realms.
authentication realms.
Create at least one authentication realm for each
authentication protocol and scheme combination you
plan to use.
authentication protocol and scheme combination you
plan to use.
•
5.
(Optional) Configure credential encryption.
•
6.
Create identities to classify users and client software
based on authentication requirements.
based on authentication requirements.
•
Classifying Users and Client Software, page 6-3
7.
Create policies to manage web requests from the users
and user groups for which you created identities.
and user groups for which you created identities.
•