Cisco Cisco Web Security Appliance S170 사용자 가이드

H O W   W E B   P R O X Y   D E P L O Y M E N T   A F F E C T S   A U T H E N T I C A T I O N

C H A P T E R   1 6 :   A U T H E N T I C A T I O N

 343

Table 16-7 lists advantages and disadvantages of using explicit forward NTLM authentication. 

Transparent Deployment, NTLM Authentication

Transparent NTLM authentication is similar to transparent Basic authentication except that the 
Web Proxy communicates with clients using NTLMSSP instead of Basic. However, with 
transparent NTLM authentication, the authentication credentials are not sent in the clear to 
the authentication server.

For more information, see “Transparent Deployment, Basic Authentication” on page 340.

The advantages and disadvantages of using transparent NTLM authentication are the same as 
those of using transparent Basic authentication except that transparent NTLM authentication 
is better because the password is not sent to the authentication server and you can achieve 
single sign-on when the client applications are configured to trust the Web Security 
appliance. For more information on the advantages and disadvantages of transparent Basic 
authentication, see Table 16-5 on page 341 Table 16-6 on page 342.

Table 16-7 Pros and Cons of Explicit Forward NTLM Authentication

Advantages

Disadvantages

• Because the password is not transmitted to 

the authentication server, it is more secure

• Connection is authenticated, not the host or 

IP address

• Achieves true single sign-on in an Active 

Directory environment when the client 
applications are configured to trust the Web 
Security appliance

• Moderate overhead: each new connection 

needs to be re-authenticated

• Primarily supported on Windows only and with 

major browsers only