Cisco Cisco Web Security Appliance S690 Guida Utente

Configure Network Security:

(Optional) Click Start Test. This will test the settings you have entered, ensuring they are correct before 
real users use them to authenticate. For details on the testing performed, see 

.

Submit and commit your changes.

Customize the access log to use the %m custom field parameter.

Create an Identity that uses the Kerberos authentication scheme. 

.

Ensure you have the rights and domain information needed to join the Web Security appliance to the 
Active Directory domain you wish to authenticate against.

If you plan to use “domain” as the NTLM security mode, use only nested Active Directory groups. 
If Active Directory groups are not nested, use the default value, “ads”. See 

the Command Line Interface appendix of this guide.

Compare the current time on the Web Security appliance with the current time on the Active 
Directory server and verify that the difference is no greater than the time specified in the “Maximum 
tolerance for computer clock synchronization” option on the Active Directory server. If the Web 
Security appliance is managed by a Security Management appliance, be prepared to ensure that 
same-named authentication realms on different Web Security appliances have identical properties 
defined on each appliance. Be aware that once you commit the new realm, you cannot change a 
realm’s authentication protocol.

Choose Network > Authentication.

Click Add Realm. 

Enter both the server name for the machine where the primary Active 
Directory agent is installed and the shared secret used to access it.

(Optional) Enter the server name for the machine where a backup Active 
Directory agent is installed and its shared secret.

Client Signing Required

Select this option if the Active Directory server is configured to require 
client signing. 

With this option selected, AsyncOS uses Transport Layer Security when 
communicating with the Active Directory server.