Cisco Web Security Appliance S670 User Guide
AsyncOS 8.1 for Cisco Web Security User Guide
Chapter 5 Acquire End-User Credentials
Authentication Realms
Step 5
If the Web Proxy is deployed in explicit forward mode, edit the settings as follows:
User Session Restrictions
This setting specifies whether or not authenticated users are allowed to
access the Internet from multiple IP addresses simultaneously.
You might want to restrict access to one machine to prevent users from
sharing their authentication credentials with non-authorized users. When a
user is prevented from logging in at a different machine, an end-user
notification page appears. You can choose whether or not users can click a
button to log in as a different username using the Re-authentication setting
on this page.
When you enable this setting, enter the restriction timeout value, which
determines how long users must wait before being able to log in to a machine
with a different IP address. The restriction timeout value must be greater
than the surrogate timeout value.
You can remove a specific user or all users from the authentication cache
using the authcache CLI command.
Advanced
When using Credential Encryption or Access Control, you can choose
whether the appliance uses the digital certificate and key shipped with the
appliance (the Cisco Web Security Appliance Demo Certificate) or a digital
certificate and key you upload here.
Setting
Description
Credential Encryption
This setting specifies whether or not the client sends the login credentials to
the Web Proxy through an encrypted HTTPS connection. To enable
credential encryption, choose "HTTPS Redirect (Secure)". When you
enable credential encryption, additional fields appear to configure how to
redirect clients to the Web Proxy for authentication.
This setting applies to both the Basic and NTLMSSP authentication schemes,
but it is particularly useful for the Basic authentication scheme because user
credentials are sent as plain text.
For more information, see
.
HTTPS Redirect Port
Specify a TCP port to use for redirecting requests for authenticating users
over an HTTPS connection.
This specifies through which port the client will open a connection to the
Web Proxy using HTTPS. This occurs when credential encryption is enabled
or when using Access Control and users are prompted to authenticate.
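The Credential Encryption description above notes that Basic credentials travel as plain text. The following Python audit is an added example, not part of the Cisco guide: it classifies proxy authentication headers and reports Basic credentials that crossed a connection without HTTPS. It assumes explicit forward mode with a Proxy-Authorization header; the sample requests, the "tls" field and all function names are constructed for illustration.

```python
import base64
import struct

NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def classify_proxy_auth(header_value):
    """Describe what one Proxy-Authorization header value exposes on the wire."""
    scheme, _, blob = header_value.strip().partition(" ")
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"scheme": scheme, "error": "payload is not valid base64"}
    if scheme.lower() == "basic":
        # Basic is only an encoding of "user:password"; reading it needs no key.
        user, sep, password = raw.decode("utf-8", "replace").partition(":")
        return {"scheme": "Basic", "user": user, "cleartext_password": bool(sep),
                "password_length": len(password)}
    if scheme.lower() == "ntlm":
        # NTLMSSP: 8-byte signature, then a little-endian 32-bit message type.
        if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
            return {"scheme": "NTLM", "error": "missing NTLMSSP signature"}
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return {"scheme": "NTLM", "message": NTLM_TYPES.get(msg_type, "unknown"),
                "cleartext_password": False}
    return {"scheme": scheme, "error": "unsupported scheme"}

def audit(requests):
    """Return (client, user) for each Basic credential sent without TLS."""
    findings = []
    for client, tls, header in requests:
        info = classify_proxy_auth(header)
        if info.get("cleartext_password") and not tls:
            findings.append((client, info["user"]))
    return findings

def _hdr(scheme, payload):
    return scheme + " " + base64.b64encode(payload).decode("ascii")

# Constructed sample: (client, tls, header); "tls" (hypothetical field) records
# whether the client-to-proxy connection carrying the header was HTTPS.
SAMPLE = [
    ("10.0.0.21", False, _hdr("Basic", b"jdoe:example-password")),
    ("10.0.0.22", True, _hdr("Basic", b"asmith:example-password")),
    ("10.0.0.23", False, _hdr("NTLM", b"NTLMSSP\x00" + struct.pack("<I", 1) + bytes(4))),
]

if __name__ == "__main__":
    for client, user in audit(SAMPLE):
        print(f"{client}: Basic credentials for {user!r} sent without HTTPS")
```

Only the first sample request is reported: the second used HTTPS, and the third carries an NTLMSSP negotiate message rather than the password itself.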