Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 20 Authentication
Authentication Realms
Adding an LDAP Authentication Realm
Step 1  Navigate to Network > Authentication.
Step 2  Click Add Realm.
Step 3  Name the authentication realm.
        All sequence and realm names must be unique and only contain alphanumeric characters or the space
        character. Also, if the Web Security appliance is managed by a Security Management appliance, ensure
        that same-named authentication realms on different Web Security appliances have identical properties
        defined on each appliance.
Step 4  Select LDAP in the Authentication Protocol and Scheme(s) field.
Step 5  Enter the LDAP authentication settings:
Setting: LDAP Version
Description:
  Choose the version of LDAP, and choose whether or not to use Secure LDAP.
  The appliance supports LDAP versions 2 and 3. Secure LDAP requires LDAP version 3.
  Choose whether or not this LDAP server supports Novell eDirectory to use with
  transparent user identification.

Setting: LDAP Server
Description:
  Enter the LDAP server IP address or hostname and its port number. You can
  specify up to three servers.
  The hostname must be a fully-qualified domain name. For example, ldap.example.com.
  An IP address is required only if the DNS servers configured on the appliance
  cannot resolve the LDAP server hostname.
  The default port number for Standard LDAP is 389. The default number for
  Secure LDAP is 636.
  If the LDAP server is an Active Directory server, enter the hostname or IP
  address and the port of the domain controller here. Whenever possible, enter the
  name of the Global Catalog Server and use port 3268. However, you might want
  to use a local domain controller when the global catalog server is physically far
  away and you know you only need to authenticate users on the local domain
  controller.
  Note: When you configure multiple authentication servers in the realm, the
  appliance attempts to authorize with up to three authentication servers before
  failing to authenticate the transaction within that realm.

Setting: LDAP Persistent Connections (under the Advanced section)
Description:
  Choose one of the following values:
  • Use persistent connections (unlimited). Use existing connections. If no
    connections are available, a new connection is opened.
  • Use persistent connections. Use existing connections to service the
    number of requests specified. When the maximum is reached, establish a
    new connection to the LDAP server.
  • Do not use persistent connections. Always create a new connection to the
    LDAP server.
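
The naming, version, server and port rules in Steps 3 to 5 can be checked on a planned realm before it is entered, and same-named realms can be compared across appliances. The Python below is an added example, not part of the Cisco guide or any Cisco tool; the dict layout, the appliance names wsa-a and wsa-b, and the function names are assumptions made for illustration.

```python
import ipaddress
import re
NAME_RE = re.compile(r"[A-Za-z0-9 ]+")  # alphanumeric characters and space only
FQDN_RE = re.compile(r"([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}")  # needs a dot

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def check_realm(realm):
    """Return findings for one planned LDAP realm (assumed dict layout)."""
    findings = []
    if not NAME_RE.fullmatch(realm["name"]):
        findings.append("name: use only alphanumeric characters and spaces")
    if realm["version"] not in (2, 3):
        findings.append("version: the appliance supports LDAP versions 2 and 3")
    elif realm["secure"] and realm["version"] != 3:
        findings.append("secure: Secure LDAP requires LDAP version 3")
    if not 1 <= len(realm["servers"]) <= 3:
        findings.append("servers: specify up to three servers")
    expected = {636 if realm["secure"] else 389, 3268}  # ports named in the guide
    for host, port in realm["servers"]:
        if not (is_ip(host) or FQDN_RE.fullmatch(host)):
            findings.append(f"{host}: hostname must be fully qualified")
        if port not in expected:
            findings.append(f"{host}:{port}: differs from the documented ports")
    return findings

def find_drift(appliances):
    """List same-named realms whose properties differ between appliances."""
    seen, drift = {}, []
    for appliance in sorted(appliances):
        for realm in appliances[appliance]:
            first_appliance, first = seen.setdefault(realm["name"], (appliance, realm))
            if first != realm:
                drift.append((realm["name"], first_appliance, appliance))
    return drift

# Constructed sample data (not from the guide): realms recorded per appliance.
CORP = {"name": "Corp LDAP", "version": 3, "secure": True,
        "servers": [("ldap.example.com", 636)]}
APPLIANCES = {"wsa-a": [CORP],
              "wsa-b": [{**CORP, "secure": False, "servers": [("ldap.example.com", 389)]}]}

if __name__ == "__main__":
    print({name: [check_realm(r) for r in realms] for name, realms in APPLIANCES.items()})
    print("drift:", find_drift(APPLIANCES))
```

Both sample realms pass the per-realm checks, but the realm named Corp LDAP is reported as drift because its Secure LDAP setting and port differ between the two appliances.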