Cisco Cisco Web Security Appliance S170 사용자 가이드

If the Web Security appliance uses cookies for authentication surrogates, Cisco recommends enabling 
credential encryption. For more information, see 

 describes which authentication surrogates are supported with other configurations for 

explicitly forwarded requests. 

 describes which authentication surrogates are supported with other configurations for 

transparent requests. 

* Works after the client makes a request to an HTTP site and is authenticated. Before this happens, the 
behavior depends on the transaction type:

Native FTP transactions. Transactions bypass authentication. 

HTTPS transactions. Transactions are dropped. However, you can configure the HTTPS Proxy to 
decrypt the first HTTPS request for authentication purposes.

** When cookie-based authentication is used, the Web Proxy cannot authenticate the user for HTTPS, 
native FTP, and FTP over HTTP transactions. Due to this limitation, all HTTPS, native FTP, and FTP 
over HTTP requests bypass authentication, so authentication is not requested at all. For more 
information on how HTTPS requests are assigned Identity and non-Identity policy groups, see 

.

*** No surrogate is used in this case even though cookie-based surrogate is configured.

No Surrogate

Yes

Yes

Yes

NA

NA

NA

IP-based

Yes

Yes

Yes

Yes

Yes

Yes

Cookie-based

Yes

Yes***

Yes***

Yes

No/Yes**

Yes***

No Surrogate

NA

NA

NA

NA

NA

NA

IP-based

Yes

No/Yes*

No/Yes*

Yes

No/Yes*

No/Yes*

Cookie-based

Yes

No/Yes**

No/Yes**

Yes

No/Yes**

No/Yes**