Cisco Web Security Appliance S670 User Guide

Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 7 Identities
Identifying Users Transparently
Understanding Transparent User Identification
Novell eDirectory maintains a mapping that matches authenticated user names to 
their current IP addresses. AsyncOS for Web communicates with the Novell 
eDirectory server at regular intervals to maintain the current IP address to user 
name mapping.
When a client makes a request for a website, the Web Security appliance receives 
the request and obtains the IP address from the request. AsyncOS for Web then 
checks the IP address to user name mapping stored on the Web Security appliance 
to assign a user name to the client request. AsyncOS for Web also fetches the user 
groups from the Novell eDirectory server at this time. Assuming it matches a user 
name to the IP address, AsyncOS for Web applies policies to the transaction as 
appropriate.
If the IP address does not match a user name, you can configure how to handle the 
transaction. You can grant the end user guest access, or you can force an 
authentication prompt to appear to the end user. 
When an end user is shown an authentication prompt due to failed transparent user 
identification, and the user then fails authentication due to invalid credentials, you 
can choose whether to allow the user guest access. 
Figure 7-4 shows where you grant user access when configuring an Identity for transparent user identification.
Figure 7-4 Granting Guest Access—Transparent User Identification
The current IP address to user name mapping is updated, by default, every 600 
seconds. You can change this time interval using the 
advancedproxyconfig > authentication CLI command.
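The following added example (not from the Cisco guide and not AsyncOS code) models the lookup described above: a local IP address to user name mapping that is only as fresh as its last update, with a guest or prompt fallback on a miss. It assumes updates occur at exact multiples of the interval; the events, IP addresses and function names are constructed for illustration.

```python
# Model of an interval-refreshed IP-to-user mapping (illustration, not AsyncOS code).
REFRESH_SECONDS = 600  # default update interval stated in the guide

# Constructed directory events: (seconds, client IP, user; None means logged out).
DIRECTORY_EVENTS = [
    (0, "10.0.0.5", "alice"),
    (100, "10.0.0.9", "carol"),
    (650, "10.0.0.5", None),
    (700, "10.0.0.5", "bob"),
]
# Constructed proxy requests: (seconds, client IP).
REQUESTS = [(620, "10.0.0.5"), (710, "10.0.0.5"), (1100, "10.0.0.5"),
            (1250, "10.0.0.5"), (150, "10.0.0.9"), (700, "10.0.0.7")]


def directory_user(ip, t, events=DIRECTORY_EVENTS):
    """User the directory holds for ip at time t (None if nobody)."""
    user = None
    for ts, ev_ip, ev_user in sorted(events, key=lambda e: e[0]):
        if ev_ip == ip and ts <= t:
            user = ev_user
    return user


def appliance_user(ip, t, interval=REFRESH_SECONDS):
    """User in the appliance's local copy, which dates from the last refresh.
    Assumption: refreshes happen at exact multiples of the interval."""
    last_refresh = (t // interval) * interval
    return directory_user(ip, last_refresh)


def handle(ip, t, on_miss="guest"):
    """Identify the request, or fall back to the configured action
    ("guest" access or an authentication "prompt")."""
    user = appliance_user(ip, t)
    return ("identified", user) if user else (on_miss, None)


def audit(requests, on_miss="guest"):
    """Return requests whose attribution differs from the directory's view."""
    findings = []
    for t, ip in requests:
        action, attributed = handle(ip, t, on_miss)
        actual = directory_user(ip, t)
        if attributed != actual:
            findings.append((t, ip, action, attributed, actual))
    return findings


if __name__ == "__main__":
    for row in audit(REQUESTS):
        print(row)
```

In this model, a shorter update interval narrows the window in which a reassigned address is still attributed to its previous user, or a newly logged-in user falls through to guest access.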
Note
When you enable re-authentication and a transaction is blocked by URL filtering, 
an end-user notification page appears with the option to log in as a different user. 
Users who click the link are prompted for authentication. For more information, 
see