Cisco Cisco Web Security Appliance S170 사용자 가이드
20-2
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 20 Authentication
Overview of Authentication
To enable authentication, you must create at least one authentication realm. An authentication realm is
a set of authentication servers (or a single server) supporting a single authentication protocol with a
particular configuration. For more information about authentication realms, see
a set of authentication servers (or a single server) supporting a single authentication protocol with a
particular configuration. For more information about authentication realms, see
When you create more than one realm, you can group the realms into an authentication sequence. An
authentication sequence is a group of authentication realms listed in the order the Web Security
appliance uses for authenticating clients. For more information about authentication sequences, see
authentication sequence is a group of authentication realms listed in the order the Web Security
appliance uses for authenticating clients. For more information about authentication sequences, see
.
You configure some authentication options at a global level, independent of any realm. For more
information, see
information, see
By creating authentication realms and sequences, you can configure the Web Security appliance to use
one or more authentication servers for authenticating clients on the network. For more information about
how the appliance works when it uses multiple authentication servers, see
one or more authentication servers for authenticating clients on the network. For more information about
how the appliance works when it uses multiple authentication servers, see
.
After creating an authentication realm and possibly a sequence, too, you can create or edit Identities
based on authentication realms or sequences. Note, however, that if you delete an authentication realm
or sequence, any Identity group that depends on the deleted realm or sequence becomes disabled. For
more information about using authentication with Identities, see
based on authentication realms or sequences. Note, however, that if you delete an authentication realm
or sequence, any Identity group that depends on the deleted realm or sequence becomes disabled. For
more information about using authentication with Identities, see
.
Client Application Support
When the Web Security appliance is deployed in transparent mode and a transaction requires
authentication, the Web Proxy replies to the client application asking for authentication credentials.
However, not all client applications support authentication, so they have no method for prompting users
to provide their user names and passwords. These applications cannot be used when the Web Security
appliance is deployed in transparent mode.
authentication, the Web Proxy replies to the client application asking for authentication credentials.
However, not all client applications support authentication, so they have no method for prompting users
to provide their user names and passwords. These applications cannot be used when the Web Security
appliance is deployed in transparent mode.
The following is a partial list of applications that do not work when the appliance is deployed in
transparent mode:
transparent mode:
•
Mozilla Thunderbird
•
Adobe Acrobat Updates
•
HttpBridge
•
Subversion, by CollabNet
•
Microsoft Windows Update
•
Microsoft Visual Studio
Note
If users need to access a particular URL using one of these client applications, then create an Identity
based on a custom URL category that does not require authentication and place the Identity above all
other Identities that require authentication. When you do this, the client application will not be asked for
authentication.
based on a custom URL category that does not require authentication and place the Identity above all
other Identities that require authentication. When you do this, the client application will not be asked for
authentication.