Cisco Web Security Appliance S370 User Guide
6-16
Cisco AsyncOS for Web User Guide
Chapter 6 Acquire End-User Credentials
Authentication Realms
Redirect Hostname
Enter the short hostname of the network interface on which the Web Proxy
listens for incoming connections.
When you enable Authentication Mode above, the Web Proxy uses this
hostname in the redirection URL sent to clients for authenticating users.
You can enter either of the following values:
• Single word hostname. You can enter the single word hostname that is
DNS resolvable by the client and the Web Security appliance. This
allows clients to achieve true single sign-on with Internet Explorer
without additional browser side setup.
Be sure to enter the single word hostname that is DNS resolvable by the
client and the Web Security appliance.
For example, if your clients are in domain mycompany.com and the
interface on which the Web Proxy is listening has a full hostname of
proxy.mycompany.com, then you should enter proxy in this field. Clients
perform a lookup on proxy and they should be able to resolve
proxy.mycompany.com.
• Fully qualified domain name (FQDN). You can also enter the FQDN
or IP address in this field. However, if you do that and want true single
sign-on for Internet Explorer and Firefox browsers, you must ensure
that the FQDN or IP address is added to the client’s Trusted Sites list in
the client browsers.
The default value is the FQDN of the M1 or P1 interface, depending on
which interface is used for proxy traffic.
Credential Cache Options: Surrogate Timeout
This setting specifies how long the Web Proxy waits before asking the client
for authentication credentials again. Until the Web Proxy asks for
credentials again, it uses the value stored in the surrogate (IP address or
cookie).
Note that it is common for user agents, such as browsers, to cache the
authentication credentials so the user will not be prompted to enter
credentials each time.
Credential Cache Options: Client IP Idle Timeout
When IP address is used as the authentication surrogate, this setting
specifies how long the Web Proxy waits before asking the client for
authentication credentials again when the client has been idle.
When this value is greater than the Surrogate Timeout value, this setting has
no effect and clients are prompted for authentication after the Surrogate
Timeout is reached.
You might want to use this setting to reduce the vulnerability of users who
leave their computers.
Credential Cache Options: Cache Size
Specifies the number of entries that are stored in the authentication cache.
Set this value to safely accommodate the number of users that are actually
using this device. The default value is the recommended setting.
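The interaction between Surrogate Timeout and Client IP Idle Timeout described above can be checked with a small model. This is an added example, not code from Cisco or from this guide; it assumes the surrogate timer starts at authentication and the idle timer restarts on every request, and the names SurrogateEntry, needs_reauth and replay are hypothetical.

```python
# Simplified model of the two timers (an assumption for illustration,
# not the appliance's implementation). All times are in seconds.
from dataclasses import dataclass


@dataclass
class SurrogateEntry:
    authenticated_at: float  # when credentials were last verified
    last_seen: float         # time of the most recent request from this IP


def needs_reauth(entry, now, surrogate_timeout, idle_timeout):
    """Return which timer forces a new credential prompt, or None."""
    if now - entry.authenticated_at >= surrogate_timeout:
        return "surrogate_timeout"
    if now - entry.last_seen >= idle_timeout:
        return "idle_timeout"
    return None


def replay(request_times, surrogate_timeout, idle_timeout):
    """Replay request timestamps from one client IP.

    The first request authenticates. Returns a list of (time, reason)
    for every later request that triggers a credential prompt.
    """
    prompts = []
    entry = None
    for t in request_times:
        if entry is None:
            entry = SurrogateEntry(t, t)
            continue
        reason = needs_reauth(entry, t, surrogate_timeout, idle_timeout)
        if reason:
            prompts.append((t, reason))
            entry = SurrogateEntry(t, t)  # user re-authenticates
        else:
            entry.last_seen = t
    return prompts


# Constructed sample: the user works for 10 minutes, leaves the desk for
# 40 minutes, then requests resume from the same IP address.
REQUESTS = [0, 300, 600, 3000, 3300, 4000]

if __name__ == "__main__":
    print(replay(REQUESTS, surrogate_timeout=3600, idle_timeout=900))
    print(replay(REQUESTS, surrogate_timeout=3600, idle_timeout=7200))
```

With the idle timeout below the surrogate timeout, the first request after the 40-minute absence is challenged; with it above, that request is served under the cached identity and only the surrogate timeout ever fires.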